Software Restriction

When you use software-restriction policies, you specify software that is or isn’t allowed to run so that you can protect your organization from untrusted programs (and prevent users from distractions, too). You can define a default security level of Unrestricted or Disallowed for a GPO so that software is either allowed or not allowed to run by default. Then you create exceptions to the default security level for specific programs. For example, you can disallow all programs but a few specific ones to run—a common scenario for managing task-based workers. Group Policy supports the following types of rules:

Hash rules. Programs are identified by the program file’s hash value, which enables Group Policy to identify the program ...

Get Microsoft® Windows® Desktop Deployment Resource Kit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft® Windows® Desktop Deployment Resource Kit by

Software Restriction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly