# Software Restriction Policy (SRP) on the NovaSeq 6000 **Overview of Software Restriction Policy (SRP)** * Windows Software Restriction Policies (SRP) use rules to allow only specified software to run. * For NovaSeq 6000, SRP rules are based on certificates, file names, extensions, and directories. * By default, SRP is turned on to prevent unwanted software from running on the control computer. * An IT representative or system administrator can add and remove rules to customize the security level. * If the system is added to a domain, the local Group Policy Object (GPO) may automatically modify the rules and turn off SRP. * Turning off the software restriction policy prevents the protection it provides. * Changing the rules overrides the default protections. **How to Disable/Enable the SRP:** * In a file browser window, navigate to C:\Illumina\Security * Double click "disable.reg" and acknowledge the pop-up message. * To re-enable the SRP, double click "enable.reg" On the NovaSeq 6000 Sequencing system, the SRP defaults the following rules: **Allowed SRP Rules**\ Certificates * DigitalSystems * Illumina, Inc. * NovaSeq Executable Files * Portmon.exe * Procmon.exe * Procmon64.exe * Tcpview\.exe File Extensions * .bin * .cbcl * .cfg * .config * .csv * .dat * .focus * .imf1 * .ims * .jpg * .json * .lnk * .locs * .log * .manifest * .sdf * .tif * .txt * .xml Directories * %HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% * %HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% * C:\CrashDumps\\\* * C:\Illumina\\\* * C:\Illumina Maintenance Logs\\\* * C:\LocalSymbols\\\* * C:\Program Files (x86)\Chromium\Application\\\* * C:\Program Files (x86)\EMET 5.5\\\* * C:\Program Files (x86)\Illumina\\\* * C:\Program Files (x86)\Internet Explorer\\\* * C:\Program Files (x86)\LibreOffice 5\\\* * C:\Program Files\Illumina\\\* * C:\ProgramData\Illumina\\\* * C:\ProgramData\Package Cache\\\* * C:\Users\sbsuser\AppData\Local\Temp\Citrix\\\* * C:\Users\sbsuser\AppData\Local\Temp\CitrixLogs\\\* * C:\Users\sbsuser\Desktop\FSE turn over to customer.bat D:\Illumina\\\* Users can add and remove SRP rules to customize system security. Modifying the rules requires temporarily turning off the SRP.\ **To add or delete a rule:** 1. Disable SRP (according to instructions above \[How to Disable/Enable the SRP section]). 2. Select the magnifying glass in the bottom left-hand corner (the start menu) next to the Windows logo. 3. Type the word **Run** **into the search and press enter.** 4. Type **secpol.msc** 5. In the Local Security Policy dialog box, expand **Software Restriction Policies,** then select **Additional Rules**. 6. To add a rule: * On the Action menu, select **New Path Rule**. * In the Path field, enter the certificate, file name, file extension, or directory to allow. * (Optional) In the Description field, type the reason for creating the rule. * In the Security level list, select **Unrestricted**. * Select **OK** to add the rule to the SRP. 7. To delete a rule: * Select the rule to delete, then select **Delete**. * Select **Yes** to confirm. 8. Be sure to re-enable SRP once complete. \ \ \
| | | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | | *For any feedback or questions regarding this article (Illumina Knowledge Article #2466), contact Illumina Technical Support* [*techsupport@illumina.com*](mailto:techsupport@illumina.com?subject=Question%2FFeedback%20Regarding%20Illumina%20Knowledge%20Article%20#000002466%20-%20Instrumentation%20\&body=Dear%20Illumina%20Technical%20Support,%0D%0A%0D%0A)*.* |