I noticed in several environments that application blocking is not blocking for the redirected %AppData%, but works for other redirected locations such as Downloads and Favorites as expected. In another environment it blocks all correctly with the same DEM versions.
I cannot find a difference or any misconfiguration (no GPO, no whitelisting). Adding additional blocking rules doesn't have an effect either.
Any ideas what I could check further or what the reason could be?
Many thanks for any hint.
Could you add some more info?
When you enable the global Application Blocking feature, only programs started from C:\Windows and C:\Program Files should be allowed.
Any other location, including %AppData% (redirected or not) should be blocked. Are you telling me that's not the case?
Yes, that's my problem: it does not block the exe from running in %AppData%, although no whitelisting exists.
It blocks exes in other locations (Downloads, Documents, ...) correctly, but NOT in the roamed %AppData%.
Just in case someone else runs into this: I have nailed down the problem.
The solution was to give NTFS Permissions "list folder / read data" on the top redirected folder, like it's needed for computer env settings.
That seems to be true for application blocking as well:
Note: If you want to use VMware Dynamic Environment Manager computer environment settings, remote computer accounts must also have Create folders / append data permissions applied to This
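
One way to check for the permission named in the post above, as an added example that is not from the thread or from VMware. `$Path` and `$Identity` are placeholders: the thread names neither the share nor the account that needed the right, and the check only looks at ACEs that name `$Identity` exactly (group membership is not resolved).

```powershell
# Added example: does an ACE on the top redirected folder grant
# "List folder / read data" to a given account, on the folder itself?
param(
    [string]$Path     = '\\fileserver.example\redirected$',  # placeholder share
    [string]$Identity = 'EXAMPLE\Domain Computers'           # assumed account/group
)

# ListDirectory and ReadData are the same access bit (0x1).
$List        = [int][System.Security.AccessControl.FileSystemRights]::ListDirectory
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
# GENERIC_READ (0x80000000) and GENERIC_ALL (0x10000000) also cover the right.
$Generic     = [int]0x80000000 -bor [int]0x10000000

function Test-ListFolderRight {
    param([string]$Path, [string]$Identity)

    # Keep ACEs for this identity that apply to the folder itself
    # (not inherit-only) and that include the list/read-data bit.
    $aces = (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        (([int]$_.PropagationFlags -band $InheritOnly) -eq 0) -and
        ((([int]$_.FileSystemRights -band $List) -ne 0) -or
         (([int]$_.FileSystemRights -band $Generic) -ne 0))
    }
    $allow = @($aces | Where-Object { $_.AccessControlType -eq 'Allow' })
    $deny  = @($aces | Where-Object { $_.AccessControlType -eq 'Deny' })

    [pscustomobject]@{
        Path      = $Path
        Identity  = $Identity
        AllowACEs = $allow.Count
        DenyACEs  = $deny.Count
        # A matching Deny ACE wins over an Allow ACE for the same right.
        Granted   = ($allow.Count -gt 0) -and ($deny.Count -eq 0)
        Inherited = [bool]($allow | Where-Object { $_.IsInherited })
    }
}

Test-ListFolderRight -Path $Path -Identity $Identity
```

`Granted` being `False` on the top redirected folder in the affected environment, and `True` in the environment where blocking works, would match the difference described in the post.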