Kaonashi007

Hello, Try this, maybe it resolves the problem : In GPO, click on the folder that contains the options, View menu, Filter and uncheck the last checkbox there. Good luck.

Hello, I have found the solution in software restrictions in GPO, there you can define rules, the first rule is a path rule (just right clic on softwares restrictions...), write there *.bat and set it to disallowed. and other rules that define the exceptions, they are path rules also, write there the UNC path of all places where you made startup scripts...in the server and end it with *.bat . For instance \\LOGIN_SRV\Share\*.bat and set all this rules to unrestricted . this GPO is apllied on the domain to affect all users and computers. that's it.

Hello, We have a domain and users, all restrictions policies are applied in order to prohibit users from any right of configuration . the users need notepad to note some information from the caller and copy it in a database. they write a dos command in notepad, change the extension of this file from .txt to .bat or .cmd and run the script . i know there's an option in GPO that disables the execution of batch files but it disables also the logon scripts, and i have remarked that it do not disables the startup scripts. knowing that the logon scripts run under the context of the current user, the solution of creating a script that disables the execution of batch files and that will be executed at last of the logon scripts will never work because the user do not have the right of modification in the register, so the logon script can not do it also. the goal is to prohibit users from running batch files while permitting the execution of logon scripts. help please.