Hi there We currently run a Windows NT 4.0 Terminal Server farm for which we use appsec very successfully to restrict access to unknown code whilst giving access to over 100 known applications. We use a scripted build to deploy the applications and at the same time enter trusted applications into the appsec registry section. This works very well for us. We are currently looking at moving to Windows Server 2003 and I see now that appsec has been replaced by Software Restriction Policies. So far, I haven't been able to find any information on how to script these policies or, for that matter, any way in the MMC to export and import these policies. (An export option is available to a csv file but there is no way to import this file... and all of the restrictions need to be entered manually in the first instance anyway) After a bit of digging I found that the Software Restriction Policies themselves are stored in the registry under HKLM\Software\Policies\Microsoft\Windows\Safer\codeidentifiers\0\Paths\{Some GUID} for disallowed rules and HKLM\Software\Policies\Microsoft\Windows\Safer\codeidentifiers\262144\Paths\ {Some GUID} for unrestricted rules If I directly enter restrictions into the above registry locations by creating my own unique GUID and all of the other appropriate information and then reboot the server, the policies do in fact take effect. However, they are not viewable in the MMC. Does anyone know of any other ways to script this in a more refined manner and in a way where everything will be viewable in the MMC? Regards Rich Richard Chapman Technical Support richard.chapman@xxxxxxxxxxxxxxxxxx Ph +44 207 587 2205 This email is confidential to the addressee only. If you do not believe that you are the intended addressee, do not use, pass on or copy it in any way. If you have received it in error, please delete it immediately and telephone the number given, reversing the charges if necessary. **************************************************************************** SMOKE ALARMS SAVE LIVES Go to London Fire at www.london-fire.gov.uk/firesafety This email is confidential to the addressee only. If you do not believe that you are the intended addressee, do not use, pass on or copy it in any way. If you have received it in error, please delete it immediately and telephone the number given, reversing the charges if necessary. ******************************************************** This weeks sponsor - Emergent Online 99Point9.com Designed to facilitate efficient resolution of your technical server-based questions, issues and incidents, technical support is a few mouse-clicks away: you submit your incident-specific support requests via our online support helpdesk, our certified engineers resolve them while you monitor the progress, and your systems get back to 99.9% up-time in no time. http://www.99point9.com ********************************************************** Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm