How Can I prevent a specific application from being run on a specific machine using Group Policy?


Solution 1

One alternative would be to use Software Restriction Policies (Computer Configuration -> Windows Settings -> Security Settings) rather than the "Do Not Run Specified Windows Applications" user policy. This will also give you more flexibility around how you select the application to be blocked.

Keep in mind that any blacklisting approach can be worked around. If you want to ensure that the restriction can't be bypassed, you'll need to use Software Restriction Policies in whitelist mode, i.e., specify those applications that are allowed to run rather than those that are not.

Solution 2

If you're setting the restriction policy on the User Configuration section of the GPO then this will have no effect unless the user account objects are in the OU that you've applied the policy to (or if you enable loopback processing).

Shift the settings to the Computer Configuration section of the policy, assuming you want the policy to apply regardless of who logs on to those systems.
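As an added troubleshooting example for both answers above (not code from either answerer): the "Do Not Run Specified Windows Applications" setting is written to the DisallowRun values under the user's Explorer policy key, and loopback processing to the UserPolicyMode value under the machine's System policy key. Reading those on the test machine tells you whether the GPO reached it at all before you start hunting elsewhere; the executable name and the "run as the logged-on user" assumption are illustrative.

```powershell
# Added example: check whether the user policy and loopback mode actually reached
# this machine's registry. Run as the user whose logon is being tested.

function Get-DisallowRunStatus {
    param([Parameter(Mandatory)][string]$ExeName)   # constructed input, e.g. 'XenAppWeb.exe'

    $policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $listKey   = Join-Path $policyKey 'DisallowRun'

    # DisallowRun = 1 means the policy is enabled for this user's logon session
    $enabled = $false
    if (Test-Path $policyKey) {
        $v = (Get-ItemProperty -Path $policyKey -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
        $enabled = ($v -eq 1)
    }

    # The blocked list is stored as string values named "1", "2", ... holding the exe names
    $blocked = @()
    if (Test-Path $listKey) {
        $item    = Get-Item $listKey
        $blocked = @($item.GetValueNames() | ForEach-Object { $item.GetValue($_) })
    }

    [pscustomobject]@{
        PolicyEnabled = $enabled
        BlockedList   = $blocked
        TargetListed  = [bool]($blocked | Where-Object { $_ -ieq $ExeName })
    }
}

function Get-LoopbackMode {
    # Loopback is a Computer Configuration setting, so it is written under HKLM
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $mode = (Get-ItemProperty -Path $key -Name UserPolicyMode -ErrorAction SilentlyContinue).UserPolicyMode
    switch ($mode) {
        1       { 'Merge' }
        2       { 'Replace' }
        default { 'Not configured' }
    }
}

$status = Get-DisallowRunStatus -ExeName 'XenAppWeb.exe'
$status | Format-List
"Loopback processing: $(Get-LoopbackMode)"
if (-not $status.PolicyEnabled) {
    'DisallowRun is not set in HKCU, so the User Configuration policy did not apply to this logon.'
    'Check the OU of the user object or enable loopback, then run gpupdate /force and log off and on.'
}
```

Note that DisallowRun is enforced by the Explorer shell rather than at the kernel or policy engine level, which is why Solution 1 recommends Software Restriction Policies when the block must hold regardless of how the program is launched.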

Author: Mike

Updated on September 18, 2022

Comments

  • Mike, almost 2 years

    I know this is possible to do and I am working on it with limited success. I believe the Group Policy I want is "Do Not Run Specified Windows Applications" - I can enable this and add the .exe I want to the list of programs not to be run.

    I have tried this on my local machine by running gpedit.msc, going to User Config > Admin Templates > System, and then choosing that policy, editing it, and enabling it. Doing it this way verifies that it works, as I could then not run the specified .exe (XenAppWeb.exe), so this is great.

    I have created a GPO to do the same thing in GP Management on my domain controller where we centralize this, enforced it, applied it to an OU, and put one of our machines into this OU to test it. I have let it sit there for 3 days, run gpupdate /force, and when I try to run XenAppWeb.exe on this machine, it still lets me run it fine.

    What can I look at to troubleshoot this?

    I should note that I am trying to enact this policy on Windows XP machines (virtual machines).

    Thanks, Mike

  • Mike, over 11 years
    Thanks Chris, that makes a lot of sense. I do in fact have these settings under the User Configuration. The issue now is, when I go to edit the GPO, I don't have an option for "Do Not Run Specified Windows Applications" under Computer Config; it only exists under User Config. Is there some way to copy or move it?
  • Chris McKeown, over 11 years
    Looks like that option isn't available under Computer Configuration. The easiest way would be to enable Loopback Policy Processing, which causes the User Configuration section of the policy to apply to any user logging on to those systems.
  • Mike, over 11 years
    Thanks Harry, I played around with this and I think I got it to work. It doesn't give any sort of "Access denied" error when you try to run the program, which would have been nice, but it doesn't run the program when you try to, and that is the important thing.