My organization runs a pretty strict group policy where we use the GPO option User Configuration->Admin Template ->System-> Run only specified Windows applications extensively. My HR department uses ADP for our payroll system and their remote support reps use a system called Bomgar to remote control desktops when they need to. Unlike some other remote control systems, when a client system downloads the bomgar executable to initiate the remote control session, the name with the executable contains the session key in the name, so instead of a simple bomgar.exe, I have a randomly generated "bomgar.encryption.session.random.key.exe" that the way that my Group Policy works I would have to know that entire key which is exclusive to only that session for it to run, but the next time I'd need to know the next name as well.

In my digging I've found that the GP object that I'm using doesn't allow using wildcard characters, so something like "bomgar.*.exe" would be out of the question. I did find for Windows 7 that there was something called AppLocker, but in reading through a number of these forums most of what I've found suggests that it doesn't work with Zen delivered GP. Is anyone else out there running into this situation with Bomgar and have a way to get its random executable to work within group policy without having to give the user administrative rights? Thanks!