Check out the Access Rule you created. You'll see that you can create an exception to the users/groups to which the rule applies. Then, you can configure an allow rule for those users you want to allow access to those files.
I am a bit confused, I have to create both an exception (for the users I want to allow the access to the .exe downloads) on the Policy rule that denies the traffic, as well as a new Access Rule that specifically allows these type of downloads?
quote:Originally posted by sm00ter: I am a bit confused, I have to create both an exception (for the users I want to allow the access to the .exe downloads) on the Policy rule that denies the traffic, as well as a new Access Rule that specifically allows these type of downloads?sm00ter
I've recently accomplished this as well, here is what i did: Firstly the rules apply to users and not the "IT computers".
1) Create allow HTTP download access rule with HTTP filtering rule to block executables: a) Apply rule to authenticated users b) Exclude the rule to apply to admin users Beneath that access rule: 2) Create allow HTTP download access rule without checking the 'block executables' box in HTTP filtering: a) Apply that rule to only admin users.
Thats about it, and if there is a better method that someone knows please notify
Okay I've also just realized/noticed that the method provided above - in addition to denying executable downloads for 'authenticated users,' it also denies the .exe downloads for 'domain computers.' Which results in failures when attempting to update my machine via "windowsupdate"
Apparently, windowsupdate has IE download the updates with the domain computer account. A resolution was to add "domain computers" group in the same areas where i added 'admin users.' Thus excluding/including the domain computers to download executable files.
Again if there is another method, I'm listening Thanks!
Would creating a 'direct connection,' to the windowsupdate site help in this situation, so as to not implement rules with the 'domain computers' account group?