I posted previously on using Group Policy to establish rules that prevent executable files (.exe) stored in the Windows AppData directory from running, as a way to minimize or prevent Cryptolocker-type ransomware from infecting your computers.
Someone asked me: “How do I know if the group policy rules are working?”
Good question … easy answer: drop a small executable file into your local AppData directory and try to run it. I like to use notepad.exe for this test.
Here are the steps if doing this from a Vista / Win7 / Win8 workstation:
- Open up an elevated command prompt window.
  By default, it should put you into the C:\Windows\System32 folder.
- Enter the following commands, pressing Enter after each:
  copy notepad.exe %localappdata%
- If you receive an error message: “This program is blocked by group policy.” – then your group policy rules are working.
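
The same check as a PowerShell script, for repeating the test on several machines or folders. This is an added example, not part of the original post; the test file name `gpo-block-test.exe` and the `-TestFolders` parameter are assumptions made for illustration. It copies notepad.exe into each folder, tries to start the copy, and reports whether Windows refused with error 1260 ("This program is blocked by group policy").

```powershell
# Added example: reports whether executables are blocked from running in the given folders.
param(
    # Folders to test; defaults to the one used in the post (%localappdata%).
    [string[]]$TestFolders = @($env:LOCALAPPDATA)
)

# Win32 error returned when a policy rule refuses to start a program.
$ERROR_ACCESS_DISABLED_BY_POLICY = 1260
$source = Join-Path $env:SystemRoot 'System32\notepad.exe'

function Test-ExecutionBlocked {
    param([string]$Folder)

    # Hypothetical file name, chosen so the test copy is easy to spot and remove.
    $target = Join-Path $Folder 'gpo-block-test.exe'
    Copy-Item -LiteralPath $source -Destination $target -Force
    try {
        $psi = New-Object System.Diagnostics.ProcessStartInfo
        $psi.FileName = $target
        $psi.UseShellExecute = $false   # use CreateProcess so the error code is returned
        $proc = [System.Diagnostics.Process]::Start($psi)

        # The launch succeeded, so no rule stopped it. Close the test process.
        Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
        $null = $proc.WaitForExit(2000)
        return 'NOT BLOCKED'
    }
    catch {
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.ComponentModel.Win32Exception] -and
            $inner.NativeErrorCode -eq $ERROR_ACCESS_DISABLED_BY_POLICY) {
            return 'BLOCKED'
        }
        # Some other failure (for example, access denied); report it rather than guess.
        return "UNKNOWN ($($inner.Message))"
    }
    finally {
        # Always remove the test copy, whatever the outcome.
        Remove-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
    }
}

foreach ($folder in $TestFolders) {
    '{0,-12} {1}' -f (Test-ExecutionBlocked -Folder $folder), $folder
}
```

A `BLOCKED` line corresponds to the error message described in the last step; `NOT BLOCKED` means the copy was allowed to start, so the rule is not being applied to that folder.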