Prevent Read and Write to File Types or Network Locations

To prevent read and write access, do the following steps:

1. On the managed computer, create a Microsoft Word document and save it to c:\company invoices\invoice 101.doc.
2. In the Security Manager Console, click the Policies tab.
3. In the file library in the left pane, navigate to Application Control > Policies.
4. Right-click Policies and click New > Blank Application Control Policy.
   
5. Give the policy a name and description.
   
6. In the right pane, click the Applications to Control tab.
7. Under Conditions (optional), next to Include only, click the Select link.
8. In the Select Items dialog box, select the application (for example, MS Word) and click OK.
   
9. Click the Apply to button and choose All Windows Computers with Application Control Agent Installed.
10. Click the Application Actions tab and select Send policy feedback.
11. Click the Policy Enforcement tab and select Continue enforcing policies for child processes after enforcing this policy.
12. Select Deny File Access and click OK.
13. In the Deny File Access dialog, enter the following in the appropriate fields:
14. Name - Prevent write access of Word documents to Company Invoice directory
15. Path - C:\company invoices
16. Mime type - Word document
17. Click Apply and close the dialog.
18. In the Items Selector dialog, select the new Deny File Access Application Action, and click OK.
19. Enable the policy and click Apply.
20. In Microsoft Word, open C:\company invoices\invoice 101.doc. The file is read only and can't be modified.

Further Testing

• Create a new document and attempt to save it to c:\company invoices\. You will be unable to open it and will receive a File Permission error.
• Verify that a Word document can be created or modified in a different directory.
• In Microsoft Excel, save a spreadsheet to the same location as Step 1. The permissions are limited to Microsoft Word.