No allow option for run an executable??

Hi all… can anyone tell me whether its ok to only have ask and block options for ‘Run an executable’ in the security policies of d+?? attached a screenshot…

[attachment deleted by admin]

why is it so??? won’t it generate frequent popups??

If you modify the settings against “Run an executable” you can allow c:\windows* and c:\program files*. This will give good security if all users are limited and cannot save to these locations. I do this for explorer.exe to reduce pop-ups. Adding C:* will allow more but is less secure.