Change the default security level of software restriction policies

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To change the default security level of software restriction policies

  1. Open Software Restriction Policies.

  2. In the details pane, double-click Security Levels.

  3. Right-click the security level that you want to set as the default, and then click Set as default.

Caution

  • In certain directories, setting the default security level to Disallowed can adversely affect your operating system. For more information about setting your default security setting to Disallowed, see Related Topics.

Notes

  • Different administrative credentials are required to perform this procedure, depending on the environment for which you change the default security level of software restriction policies:

  • If you change the default security level of software restriction policies on your local computer: To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • If you change the default security level of software restriction policies on a computer that is joined to a domain: To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Software Restriction Policies, see "Open Software Restriction Policies" in Related Topics.

  • It may be necessary to create a new software restriction policy setting for this Group Policy object (GPO) if you have not already done so. For information about how to create new software restriction policies, see Related Topics.

  • In the details pane, the current default security level is indicated by a black circle with a check mark in it. If you right-click the current default security level, the Set as default command does not appear in the menu.

  • Software restriction policies rules are created to specify exceptions to the default security level. When the default security level is set to Unrestricted, rules can specify software that is not allowed to run. When the default security level is set to Disallowed, rules can specify software that is allowed to run.

  • At installation, the default security level of software restriction policies on all files on your system is set to Unrestricted.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Setting the default security level to Disallowed
Software Restriction Policies
Open Software Restriction Policies
Create new software restriction policies