In Windows 2000, you'll use either the "Do not run the following
applications..." setting, or else the "Only run the applications I
specify..." setting - the former to disallow certain executables from
running, the latter to only allow those specific .exe's to run that you've
explicitly listed.
Create as many GPOs as you require policies, at which point you have 2
options:
[1] Separate the user/computer objects into separate OUs, and link each
GPO to its appropriate OU.
or,
[2] Use security filtering to apply the "Read" and "Apply Group Policy"
permissions on each GPO to the relevant group. (Remove the default
permission where "Authenticated Users" receives "Read" and "Apply Group
Policy")
Whichever route you go, be sure to test the policy thoroughly before
deploying it into a production environment so that you don't run into
unexpected behaviours on your users' actual workstations.
HTH
--
Laura E. Hunter: MVP Windows Server - Networking
All replies to newsgroup, please
Post provided as-is, no warranties expressed or implied
Andreas Elfvengren said:
Hello!
How do I configure The group policy or whatever, so that it blocks
certain
programs for certain groups? The programs are standards like: Microsoft
Office and Openoffice...
Greatful for reply
