Prevent Running of Unauthorized Program via GPO

[xxx]

Hi,
I need to prevent use of unauthorized program (game or unlicensed copy of
program) on the computer of my organization.

Is that possible with GPO ?

Hint are very appreciated.

Lorenzo

 

[Guest]

Create the GPO, in the GPO you can enable the: Run only
Allowed Windows applications, Under the user
configuration, administrative templates, and then click
on the system folder. Here you put in the executables for
the programs that are allowed. Example word.exe, or
PHOTOED.EXE. Not sure if it is case sensative in 2k or
2k3, it was in NT4. Anything that is not in here should
not run, should get a restriction error.

Juan Gil

 

[Stew Basterash]

Problem with this theory...

They can still be run from a command prompt...

If you are trying to prevent users from running specific applications, and
you use the "run only allowed windows applications" (KIOSK) methodology, you
will also have to take away the command prompt... This setting and "Don't
run specified windows applications" are specific only to the windows
shell... executing from a command prompt is a workaround...

Windows 2003 AD has software restriction policies that have heirarchy
"rules" that allow you to set the functionality that you are most likely
looking for... I have another solution that was built for a large
organization for 2000... If you are interested you can contact me
directly...

Stew Basterash

 

[Juan Gil]

You are correct. I failed to mention that we run a
profiled environment here. Each department is locked down
to just what they need to run. No icons on the desktop.
No control panel or run prompt.

Juan

 

[Jose]

If you check in the group policy you will be able to find a policy to
prevent certain applications that you list from running, please
beaware that you will also need to block the run command cause the
programmes can be run from the dos prompt

 

[Software Department]

Greetings,

This policy has killed the default Windows XP theme from being applied
during the first logon of a restricted user. Presumably, there is an
executable required for loading the default theme. Anyone know what it is
and any other required executables for Windows XP to run correctly,
especially during the first logon?

Thanks

Eric

 

[Steven L Umbach]

Since you have XP Pro clients, look into using Software Restriction Policies to
control unauthorized software from being run and you can manage it at the domain
level for XP Pro machines by managing Group Policy for the domain from an XP Pro
domain machine. SRP are very powerful once you figure out how to apply them via
path/hash/certificate rules and local administrators can be exempted in the
enforcement rule. --- Steve

http://support.microsoft.com/?kbid=310791
http://support.microsoft.com/default.aspx?scid=kb;en-us;307900