Users can access resources through explorer although NoRun is enabled

Version 1

    Problem

    Consider the following scenario:

    Users should not be allowed to access the local disks on the server or browse through network locations by typing in the location in the address bar of Microsoft Windows Explorer. This can be prevented by configuring the registry entry NoRun with a value of "1" in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. When a user tries to access a resource this way he will be presented by the following Microsoft Windows message: "Access to the resource has been disallowed".

    In this scenario the registry entry NoRun has been configured with the value of "1" through User Registry. After logging on to a user session the registry value will be "0" and the user is able to access the resources.

    Note:

    This behavior does not occur when the Lockdown and Behavior option "Always hide `Run...` in menu" is used. This will set the registry entry NoRun with a value of "1" as well.

    Cause

    In an early stage of the logon process the registry entry NoRun is set with a value of "1" in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer to prevent users from accessing resources before RES Workspace Manager has configured the policies for the user.

    At the end of the logon process the registry entry is configured as "0" again. This mechanism did not take the possibility to configure the registry entry NoRun through User Registry into account.

    Solution

    This issue is resolved in RES Workspace Manager 2014 SR2.
     
    In case the Service Release is not (yet) available or in case the Service Release cannot be installed, a revision containing this update is available on request at RES Support.
     
    IMPORTANT: A revision contains multiple fixes. Only apply this revision when you are experiencing a specific problem. Unless you are severely impacted by this specific problem, RES Software recommends that you wait for the next service release containing these fixes.