Allowing Shortcuts When Using Software Restriction Policies

by Chris Sanders [Published on 24 March 2010 / Last Updated on 23 June 2009]

In its default configuration, software restriction policies will not allow programs to be executed by means of shortcuts. Here is how we can allow this and still maintain the security SRP offers.

Software Restriction Policies provide a great deal of security in environments when you need to control exactly what applications can and can’t be executed. The default Disallowed security setting only allows programs in the Program Files and System Root directories to be run without restriction. This is highly secure; however, in Windows XP this keeps users from launching applications from desktop shortcuts which is an incredible inconvenience.


This issue can be resolved by adding a path rule in your software restriction policies. In order to do this, edit the GPO that configures your SRP’s, browse to Computers Configuration/Windows Settings/Security Settings/Software Restriction Policies/Additional Rules and create a path rule with a value of *.lnk.

See Also

The Author — Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.

Featured Links