Allowing Shortcuts When Using Software Restriction Policies
Software Restriction Policies provide a great deal of security in environments when you need to control exactly what applications can and can’t be executed. The default Disallowed security setting only allows programs in the Program Files and System Root directories to be run without restriction. This is highly secure; however, in Windows XP this keeps users from launching applications from desktop shortcuts which is an incredible inconvenience.
This issue can be resolved by adding a path rule in your software restriction policies. In order to do this, edit the GPO that configures your SRP’s, browse to Computers Configuration/Windows Settings/Security Settings/Software Restriction Policies/Additional Rules and create a path rule with a value of *.lnk.