To do so, please refer to the following steps:ġ. This posting is provided "AS IS" with no warranties, and confers no rights.To block the specific application, you can use software restriction group policy. Software Restriction Policies Tools and Settings More information about how to configure software restriction policy, please visit: You can also use a wildcard (*) as part of the path.Īfter the client refreshes, Group Policy disallows the specified application or any application in the specified path. For example, instead of using C:\Program Files, I can use %ProgramFiles%, %ProgramFiles(x86)% (for 64-bit platforms), and %windir%. You can use environment variables as part of You can browse if the path is locally available. Enter the path name or filename, and enter a description. Right-click Additional Rules, and the various types of rules appear (i.e., hash, certificate, Network Zone, and Path). We want to add a disallowed rule, so select Additional Rules.Ħ. Alternatively, you can set Disallowed as the default, then add exceptions to Basic User/Unrestricted that can run. Unrestricted as the default, you can then add entries to Disallowed to block certain applications/source. If you right-click any option but Unrestricted, the option to “Set as default” appears, forcing the policy to that mode (Unrestricted is already the default).
Under Security Levels, three levels are displayed: Disallowed is for default blocking of all software, Basic User is for software that can run but will run withoutĪdministrator credentials, and Unrestricted allows all software to run. Two nodes will appear under Software Restriction Policies: Security Levels and Additional Rules. Restrictions, and select New Software Restriction Policies.ģ. Expand the following items: Computer Configuration->Policies->Windows Settings->Security Settings->Software Restriction Policies. Start the GPMC, and open a GPO to edit.Ģ. To block the specific application, you can use software restriction group policy.