I wasn't able to get the "Log Unapproved Applications" to log anything but I was able to implement the Lockdown.
We had have an issue with a few legitimate programs already installed being block.
I'd like to know if Windows Updates will cause issues with this configuration. Will we need to take a new finger print after every update?
As an alternative we have being looking at Application Control again. This time though we'd like to allow applications to run only if they are in certain directories.
I've been unable to get this to work though, Any help on this would be appriciated.