As many people have done recently in response to CryptoLocker, our company has recently set up Software Restriction Policies in Group Policy. We have set them up with a Default Security Level of Unrestricted, and then added Disallowed rules for folders under %AppData% and %LocalAppData%.
We had to add a number of them to restrict EXE's at different levels, for example, we have a rule with the path of %AppData%\*\*\*\*\*\*.exe because a path of %AppData%\*\*.exe was not restricting anything running at %AppData%\Folder1\Folder2\Folder3\*.exe.
So far, this has worked pretty well for us, as it is stopping any EXE's from running out of these users folders. The problem that we are having is that when we want a program to run, it can be excedingly difficult to get it to work. The two that I have had the most trouble with are GoToMeeting, and...