·
Click new to create a new GPO. For this
example, name the new GPO Software Restriction Policy. After creating the new
GPO, select edit.
·
Clicking edit opens the GPO editor. Under
User configuration select Windows Settings -> Security Settings ->
Software restriction policies. From the action menu select new software
restriction policy. From here you can configure your new policy.
·
Two new folders will appear after creating
your new software restriction policy. Select the enforcement policy and click
properties. A new dialogue box will appear.
·
Select the all software files option and click
OK. Next, browse to the additional rules folder. Right click the additional
rules folder and select New Hash Rule. Under the hash rule, you can select any
file you don’t want the user to run. Generally you will disallow an EXE file so
the user is unable to run the executable.
·
Given this is a student account, we will disallow
several installed programs. The first thing to disable is the command prompt.
Right click the additional rules folder and select new hash rule. From here
browse for the program you wish to disallow. The command prompt is located in
the system32 folder under cmd.exe
No comments:
Post a Comment