Example: Using Wildcards and Variables in Policy Rules

The following table displays examples of using wildcards and variables to specify a filename (regardless of location), a file located within a specific folder or folder path, or any file within a specific folder or folder path.
Example
Result
C:\temp\a.exe
Matches only the
a.exe
file and only if launched from the
C:\temp
folder
%TEMP%\a.exe
Matches only the
a.exe
file and only if launched from the
C:\Users\<username>\AppData\Local\Temp
folder on Windows Vista and later machines or
C:\Documents and Settings\<username>\Local Settings\Temp
on Windows XP machines
C:\temp*
Matches any file launched from the
C:\temp
folder or from any folder or subfolder in a filepath that begins with
C:\temp
(for example,
C:\temp\folder\a.exe
,
C:\temp1\a.scr
, and
C:\temporary\folder\b.exe
)
C:\temp\*
Matches any file launched from the
C:\temp\
folder or subfolder (for example:
C:\temp\a.scr
and
C:\temp\temp2\b.exe
)
C:\temp\a?.exe
Matches any file beginning with a and followed by a second character launched from the
C:\temp\
folder (for example:
C:\temp\a1.exe
and
C:\temp\az.exe
)
C:\temp*.exe
Matches any executable file with an .exe file extension, a filename that begins with temp, and that is launched from the
C:\
drive (for example,
C:\temp1.exe
and
C:\temporary.exe
) and matches any executable file with an .exe file extension that is launched from any folder or subfolder in a filepath that begins with
C:\temp
(for example,
C:\temp\folder\a.exe
,
C:\temp1\b.exe
, and
C:\temporary\folder\c.exe)
C:\temp\*.exe
%SystemDrive%\temp\*.exe
Matches any executable file with an .exe file extension that is launched from the
C:\temp\
(or equivalent
%SystemDrive%\temp\
folder) or from any folder or subfolder in a filepath that begins with
C:\temp\
*\a.exe
Matches only the
a.exe
file regardless from which location it is launched
%SystemDrive%\%MyVar%
When
%MyVar%
is equal to a filename, for example
myfile.exe
, this matches that filename when launched from the
%SystemDrive%
folder (in most cases C:\)
a.exe
(
Java restriction rules only
) Matches only the
a.exe
file regardless from which location it is launched
Java restriction rules require you to include the .exe at the end of the filename.
C:\temp
C:\temp\
Does not match any executable files because the path is not a full path (partial paths must contain at least one wildcard to be useful)

Recommended For You