seems like i found a solution to my problem.
according to KB 84759, Application and Change control do not support configuring a network path as a Trusted Directory
so the way i was configuring the network path was \\<IP>\\ or \\<server-name>\\ this is wrong & results in the configuration not applying correctly & thus preventing file execution from the network share.
the solution is to mount the network share to a local path on the system & then configure the local path as your trusted directory.
this worked for me
MAC allows for network path to be added as trusted directories without it being mapped as a local path.
Can you dump the execution denied event ?
ah, so the path added in the rule(\\22.229....) has to the path on the client. So on client if you run bginfo from (\\188.8.131.52\..), it will run. (C:\evaluation\...) dos not match the rule.
you were right. i just updated the rule to match the path on the client & it worked.
one more question:
would mounting the network share to a local path on one system & then configuring the local path as your trusted directory work for multiple clients on the same network accessing one share?
trusted directory policy will have to be applied to all the clients.
If local path will be used then a trusted directory policy to that effect will need to be applied on the concerned clients.