238 Windows Server 2008 Terminal Services Resource Kit Path Rule This rule identiﬁes a speciﬁc path of an application and only the application in that path can be allowed or denied. A speciﬁc piece of code (such as Winword.exe) can be expressed in the path or the path can point to a folder. If the latter, all code in the folder is allowed or denied. For example, if you host Microsoft Ofﬁce 2007 applications on your terminal server, you can point to the Microsoft Ofﬁce installation directory. All code in that directory will be allowed or denied depending on the policy security level and additional rule settings. Environmental variables, UNC paths, registry paths, question marks, and asterisk wildcards can be used in path rules. Network Zone Rule This rule only applies to .msi ﬁles, so is probably not very useful in locking down a terminal server except when installing software.