Yesterday I had an experience I’d like to share. One customer of mine uses strict AD software restrictions in his Windows network, limiting executables to certain paths only. Basically, software can only be run within c:/program files/ and c:/program files (x86) (which are write-protected for the default non-privileged user). Everything else is locked down, and the user gets a message that he cannot start the requested program.
He has done this due to the threats of CryptoWall attacks last year. This leads to this:
- always use the program files folders by design. Don’t use custom folders like c:/something
- save your settings etc. in the user’s special folders, always
- do not run any additional helper exe files from %temp% folders, they might not run in similar environments
I had to rewrite my installer and relocate my helper files, because for installation they were extracted into the %temp% folder and could not run from there. It was a day-long lesson for me to learn, on Monday…
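
An added example, not part of the original post: a pre-release check that flags executables in an installer manifest that fall outside the two allowed folders described above. The manifest entries, user name and environment values are constructed, and the matching only approximates how a path-based restriction policy is evaluated.

```python
import ntpath
import re

# Allow-listed roots as described in the post; real policies may differ.
ALLOWED_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)")
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".msi", ".scr"}

# Constructed environment so %VAR% references expand offline.
SAMPLE_ENV = {"TEMP": r"C:\Users\alice\AppData\Local\Temp"}

# Constructed installer manifest: every file the installer drops or runs.
SAMPLE_MANIFEST = [
    "C:/Program Files/MyApp/helper.exe",
    r"c:\program files (x86)\MyApp\tool.EXE",
    r"%TEMP%\setup\helper.exe",
    r"%TEMP%\setup\readme.txt",
    r"C:\Program Files\MyApp\..\..\Users\alice\helper.exe",
    r"C:\Program Files Old\x.exe",
]

def normalize(path, env=SAMPLE_ENV):
    """Expand %VAR%, unify slashes, collapse '..', and lowercase."""
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)), path)
    return ntpath.normpath(expanded).lower()

def is_allowed(path, roots=ALLOWED_ROOTS):
    """True only if the path lies strictly below one of the allowed roots."""
    p = normalize(path)
    # The trailing separator stops a sibling folder matching by name prefix.
    return any(p.startswith(root.lower() + "\\") for root in roots)

def blocked_executables(manifest):
    """Return manifest entries that are executables outside the allowed roots."""
    return [entry for entry in manifest
            if ntpath.splitext(normalize(entry))[1] in EXECUTABLE_EXTS
            and not is_allowed(entry)]

if __name__ == "__main__":
    for entry in blocked_executables(SAMPLE_MANIFEST):
        print("would be blocked:", entry)
```

Running it against the real file list of an installer build shows which helpers need relocating before the package reaches a locked-down network.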