The current implementation for sandbox exceptions is hard to use. We run MANY of our software upgrades as part of our login script. Now several of them are triggering the sandboxing rules. I can easily add an exception for the specific program name, but that changes with each version of each program. Plus, there is a delay between when you put it there and when a client picks up the change. So I put it there, wait several hours and then implement the upgrade. But if someone is sick or on vacation that day, the next day they get sandbox prompts because the settings don’t update before the login script runs.
So it would be very helpful to be able to say everything under \\server\share\setup\papercut is excepted from the sandbox, or \\server\share\setup\papercut\client-*\client-local-install.exe is excepted. But exceptions don’t handle wildcards or directories presently, so you can’t.
As it stands, users get prompted about the sandbox and either let it sandbox, which causes it NOT to update the computer, so it keeps prompting every day, or they call the support desk to ask what to do.