Locking down Windows 7 on New Domain

Hi,
 I think you mean how lock the applications? This feature called AppLocker. With this feature you can assign the users to the rules that you have created. For example: User A can run Office 2010 but cannot run Adobe reader. User B can run Adobe reader but cannot run Office 2010. Ofcourse you will need to create rules but first prepare your system for this.

1-First make sure that your Domain and Forest Function Levels are Windows 2008 R2, if not please raise it. Since you having new domain this operation is safe. If you would have Windows 2003 DC then you shoudl remove it from the environment gracefull.

Open Group Policy Management and edit Default Domain Policy
 

Computer Configuration -> Windows Settings -> Security Settings -> Application Control Policies
Create your rule under AppLocker -  Executable Rules
 

 Allow or Deny
 

Select Publisher
 

Browse the software that you wanna restrict
 

With Exceptions tab you can allow or deny previous versions of the same software if you like
 

Name your rule
 

After creation of the rule you may edit if you like
 

Go to the Services and RUN Application identy service
 

Open cmd and run gpupdate /force (restart recommended)
 


 

I am running Windows Server 2008 Service Pack 2 but do not see that feature under Group Policy.

Hi,
To activate this feature you must have Windows 2008 R2. All clients also must be Windows 7.

Ok, then I guess this solution will not work in my situation.

This technet article is very helpful too:

Using Software Restriction Policies to Protect Against Unauthorized Software
http://technet.microsoft.com/pt-br/windows/aa940985.aspx

Thanks