Windows Server has a tool called Application Security that, if enabled, prevents users from running any programs except those in its Authorized Applications list. I'm using it for users logging in via RDP to Windows Terminal Server, though I'm not sure that's relevant to this issue.

I had no luck running a PAR executable in this environment, so I tried creating a PAR archive only using -p -B and invoking parl.exe on the PAR archive. With Application Security disabled, this runs fine. I see a command shell start up with the correct command line in its title: parl.exe {my-script}.par {switches}..., there's a delay while everything is extracted into "C:\Documents and Settings\%USERNAME%\Local Settings\Temp\{some-hex-number}\par-%USERNAME%\cache-{some-long-hex-number}", and the script runs as expected.

If I enable Application Security, it doesn't work. I get an error: Access is denied. This initial program cannot be started: parl.exe {my-script}.par {switches}. This is to be expected.

However, if I add {working-dir}\parl.exe to the Authorized Applications list, it still doesn't work. I now see the command shell start up briefly, as when it worked, but nothing else happens. Nothing gets extracted. Nothing gets added to the par-%USERNAME% directory. So I'm wondering if some other executable gets extracted briefly, or is run by Windows in order to do the extraction, that isn't in the Authorized Applications list.

Any ideas? Has anyone gotten this to work before?

By the way, when the PAR is extracted OK with Application Security disabled, there's a parl.exe in the cache-* directory. Why is this? Is it used? (But that isn't my problem here, as this one never even gets created with Application Security enabled.)

Thanks,
Garyl
