I have no idea what SUA is. However, I started implementing SRP on my Win7 x64.
When I made disallowed the default, a couple of paths were made unrestricted.
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
So, I figured my 32 bit and 64 bit program folders were whitelisted. However, I figured wrong.
My event viewer, application log was showing this error when I tried starting a 64 bit process from a 32 bit process.
quote:
Access to C:\Program Files\Windows Media Player\wmplayer.exe has been restricted by your Administrator by the default software restriction policy level.
The problem is, a 32 bit program is going to look for the value for "ProgramFilesDir" at HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion. There, the value is "C:\Program Files (x86)". A 64 bit process will see "C:\Program Files". If the 32 bit registry editor is run, there is no Wow6432Node to be found, because it is already substituted for the 64 bit registry node. So a 32 bit process won't see that the 64 bit Program Files folder is unrestricted.
So, what I did, using the 64 bit registry editor, was create a new string value ProgramFilesDir (x64) = C:\Program Files at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion and
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion
Then, in Software Restriction Policies, I changed the rule for the 64 bit program directory to look like this:
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x64)%
The problem with a 32 bit program starting a 64 bit program ended for me. I didn't try the following, but as an afterthought, this might work as well.
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir%
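As an added example (not code from the original post), the PowerShell below expands an SRP registry-path rule through both the 32-bit and the 64-bit registry view, so you can see which folder each kind of process resolves the rule to and whether a given executable is covered. The function names are my own; it reads the live registry of the machine it runs on, so the ProgramW6432Dir result shows what the author's untested afterthought would do on that box.

```powershell
# Expand an SRP rule of the form %HIVE\subkey\ValueName% the way a process of the
# given bitness would see it. RegistryView.Registry32 applies the WOW64 redirection
# (HKLM\SOFTWARE -> HKLM\SOFTWARE\Wow6432Node); Registry64 reads the native key.
function Expand-SrpRegistryRule {
    param(
        [Parameter(Mandatory)] [string] $Rule,
        [Parameter(Mandatory)] [Microsoft.Win32.RegistryView] $View
    )
    $parts     = $Rule.Trim('%').Split('\')
    $hiveName  = $parts[0]
    $valueName = $parts[-1]                              # last segment is the value
    $subKey    = $parts[1..($parts.Length - 2)] -join '\' # middle segments are the key

    $hive = switch ($hiveName) {
        'HKEY_LOCAL_MACHINE' { [Microsoft.Win32.RegistryHive]::LocalMachine }
        'HKEY_CURRENT_USER'  { [Microsoft.Win32.RegistryHive]::CurrentUser }
        default              { throw "Unsupported hive in rule: $hiveName" }
    }
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $View)
    $key  = $base.OpenSubKey($subKey)
    if (-not $key) { $base.Close(); return $null }       # key absent in this view
    $value = $key.GetValue($valueName)                   # $null if the value is absent
    $key.Close(); $base.Close()
    return $value
}

# Report, for both views, what the rule expands to and whether it covers $ExePath.
# A rule that expands to $null or to a different folder in the 32-bit view is the
# situation the post describes: the 32-bit parent cannot see the 64-bit whitelist.
function Test-SrpRuleCoversPath {
    param([string] $Rule, [string] $ExePath)
    foreach ($view in 'Registry32', 'Registry64') {
        $folder  = Expand-SrpRegistryRule -Rule $Rule -View $view
        $covered = $false
        if ($folder) {
            $prefix  = $folder.TrimEnd('\') + '\'
            $covered = $ExePath.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)
        }
        [pscustomobject]@{ View = $view; ExpandsTo = $folder; Covers = $covered; Exe = $ExePath }
    }
}

# The executable from the event log entry in the post, checked against the default
# rule and against the ProgramW6432Dir variant the author suggested but did not test.
$exe = 'C:\Program Files\Windows Media Player\wmplayer.exe'
Test-SrpRuleCoversPath -Rule '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' -ExePath $exe
Test-SrpRuleCoversPath -Rule '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramW6432Dir%' -ExePath $exe
```

Run it from either a 32-bit or a 64-bit PowerShell; the explicit RegistryView makes the result independent of the host's own bitness, which is the point of the check.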