Prevent CryptoLocker via GPO, but break new Office 2010 installations - An Observation
I fought with an Office 2010 installation failure yesterday before I had a moment of enlightenment and decided to look at the event log.
Every time I tried to install Office 2010 Professional or Professional Plus the installation would fail after about a minute, and not give any real indication as to why, just a generic Error 5000. Upon looking at the events leading up tot he failure, I noticed a few VSS events and then a security event, stating that a file named osa00003.exe was denied access to the same folder that the CryptoLocker GPO fix prevents *.exe's from working in. I lifted that GPO restriction temporarily by moving the system I was working on to another OU which I blocked all GPO inheritance to, waited for a replication cycle or two, ran GPUPDATE /FORCE on the workstation, rebooted, logged in and ran RSOP to verify that the restrictions were lifted, they were and that corrected the problem. Office 2010 installed without issue.
I hope this helps someone else not spin their wheels troubleshooting Office 2010 installations if they recently applied some CryptoLocker Prevention GPO's.
Good info, thanks.