· Click new to create a new GPO. For this example, name the new GPO Software Restriction Policy. After creating the new GPO, select edit.
· Clicking edit opens the GPO editor. Under User configuration select Windows Settings -> Security Settings -> Software restriction policies. From the action menu select new software restriction policy. From here you can configure your new policy.
· Two new folders will appear after creating your new software restriction policy. Select the enforcement policy and click properties. A new dialogue box will appear.
· Select the all software files option and click OK. Next, browse to the additional rules folder. Right click the additional rules folder and select New Hash Rule. Under the hash rule, you can select any file you don’t want the user to run. Generally you will disallow an EXE file so the user is unable to run the executable.
· Given this is a student account, we will disallow several installed programs. The first thing to disable is the command prompt. Right click the additional rules folder and select new hash rule. From here browse for the program you wish to disallow. The command prompt is located in the system32 folder under cmd.exe