Create a registry path rule

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create a registry path rule

  1. Click Start, click Run, type regedit, and then click OK.

  2. In the console tree, right-click the registry key that you want to create a rule for, and then click Copy Key Name. Note the value name in the details pane.

  3. Open Software Restriction Policies.

  4. In either the console tree or the details pane, right-click Additional Rules, and then click New Path Rule.

  5. In Path, paste the registry key name, followed by the value name.

  6. Enclose the registry path in percent signs (%), for example, %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PlatformSDK\Directories\InstallDir%.

  7. In Security level, click either Disallowed or Unrestricted.

  8. In Description, type a description for this rule, and then click OK.

Notes

  • Different administrative credentials are required to perform this procedure, depending on your environment:

    • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

    • If you create a registry path rule for a computer that is joined to a domain: To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Software Restriction Policies, see "Open Software Restriction Policies" in Related Topics.

  • It may be necessary to create a new software restriction policy setting for the Group Policy object (GPO) if you have not already done so. For information about how to create new software restriction policies, see Related Topics.

  • Format the registry path as follows: %[Registry Hive]\[Registry Key Name]\[Value Name]%

  • The name of the registry hive has to be written out; abbreviations do not work. For example, HKCU cannot be substituted for HKEY_CURRENT_USER.

  • The registry path rule can contain a suffix after the closing percent sign. Do not use a backslash (\) in the suffix. For example, %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* is valid.

  • The only file types that are affected by path rules are those that are listed in Designated File Types in the details pane for Software Restriction Policies. There is one list of designated file types that is shared by all rules. For more information, see "Add or delete a designated file type" in Related Topics.

  • To refresh software restriction policies, you must log off from and then log on to your computer.

  • When more than one software restriction policies rule is applied to policy settings, there is a precedence of rules for handling conflicts. For more information, see "Precedence of software restriction policies" in Related Topics.
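The format notes above (percent signs around the path, hive name written out, no backslash in the suffix) can be checked before a rule is pasted into the Path box. The following linter is an added example, not part of the original documentation. The function names are hypothetical, and it assumes that the standard Windows root key names are the accepted hives, that hive names compare case-insensitively, and that the last path component is the value name.

```python
import re

# Standard Windows root key names (the page itself shows only the first two).
FULL_HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
              "HKEY_USERS", "HKEY_CURRENT_CONFIG"}
ABBREVIATIONS = {"HKLM", "HKCU", "HKCR", "HKU", "HKCC"}
# %<registry path>% followed by an optional suffix that holds no further '%'.
RULE_RE = re.compile(r"^%(?P<body>[^%]+)%(?P<suffix>[^%]*)$")

def parse_registry_path_rule(rule):
    """Return (hive, key, value_name, suffix) or raise ValueError with the reason."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("registry path is not enclosed in percent signs")
    parts = m.group("body").split("\\")
    hive = parts[0].upper()  # case-insensitive comparison is an assumption
    if hive in ABBREVIATIONS:
        raise ValueError("hive name is abbreviated; write it out in full")
    if hive not in FULL_HIVES:
        raise ValueError("unknown registry hive")
    if len(parts) < 3 or "" in parts:
        raise ValueError("expected [Registry Hive]\\[Registry Key Name]\\[Value Name]")
    if "\\" in m.group("suffix"):
        raise ValueError("suffix after the closing percent sign contains a backslash")
    # Assumption: the last component is the value name, the rest is the key.
    return parts[0], "\\".join(parts[1:-1]), parts[-1], m.group("suffix")

def lint_rules(rules):
    """Map each rule string to 'ok' or to the reason it is malformed."""
    report = {}
    for rule in rules:
        try:
            parse_registry_path_rule(rule)
            report[rule] = "ok"
        except ValueError as exc:
            report[rule] = str(exc)
    return report

# First two rules are the page's examples; the rest are constructed test inputs.
SAMPLE_RULES = [
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PlatformSDK\Directories\InstallDir%",
    r"%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*",
    r"%HKCU\Software\Example\InstallDir%",
    r"%HKEY_LOCAL_MACHINE\SOFTWARE\Example\InstallDir%bin\tool.exe",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Example\InstallDir",
]

if __name__ == "__main__":
    for rule, verdict in lint_rules(SAMPLE_RULES).items():
        print(f"{verdict:<60} {rule}")
```

The parsed key and value name identify which registry value the rule depends on, so that value can be reviewed before the rule is set to Unrestricted.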

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Open Software Restriction Policies
Create new software restriction policies
Create a path rule
Software Restriction Policies
Add or delete a designated file type
Precedence of software restriction policies rules

Other Resources

Registry Editor overview