Restrict access to .exe from group policy

[Guest]

Can we restrict access to a specific EXE based on a user policy? I know we
can do this through machine policies. However, I need this not based on the
machine, but a group of users. More specifically, I don't want them running
netscape.exe. However, I want another group to be able to access that on the
same machines. Thank you in advance for your help.

 

[DaveyBwoy]

Exe's can be blocked easily via a user group policy. Under User
Configuration\Administrative Templates, highlight System and you will see a
policy called 'Don't run specified windows applications'. Enable that policy
and list 'Netscape.Exe'. It works quite well except for the fact that the
user can rename the .exe and thus allowing it to run. A better idea would be
to apply a Hash rule to that .exe and block it that way. Via a hash rule, it
doesn't matter if they rename it or run it from alternate locations, the
hashed .exe would never run.

Hope this helps you out,
Dave