Solved

Group Policy - App Restriction - By Device - By User

Posted on 2013-06-24
4
226 Views
Last Modified: 2013-07-22
I have a situation.

We want to block access to an application for users, but only when they log onto certain Terminals

At my site the users will be running their desktops via Remote Desktop, either accessing it from PC's or Thin Clients.

I need to prevent a program from being run when any user logs onto one of 4 thin clients in particular for security reasons.  If that user logs onto any other machine they need to be able to run the app.
0
Comment
Question by:mbkitmgr
  • 2
4 Comments
 
LVL 4

Expert Comment

by:jprlopes
ID: 39270921
Create a GPO that includes that 4 computers (not the users) and deny them acess to that particular application.
The GPO will be:

Computer configuration > Windows Settings > Security Settings > Software restrictions Policies > Additional Rules
Right click and choose NEW HASH RULE
Then choose the path to the EXE of the program you want to block and choose NOT ALLOWED.

Apply this GPO to the 4 computers.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39271294
0
 
LVL 5

Accepted Solution

by:
mbkitmgr earned 0 total points
ID: 39335857
I spent some time resolving this myself.

1.

Create the Shortcut in GP Prefs

2.

Set the scoping to not apply the shortcut to the Terminal Devices with the names of the devices used
If anyone wants a step by step I am happy to provide
0
 
LVL 5

Author Closing Comment

by:mbkitmgr
ID: 39345539
Self Resolved
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

A Bare Metal Image backup allows for the restore of an entire system to a similar or dissimilar hardware. They are highly useful for migrations and disaster recovery. Bare Metal Image backups support Full and Incremental backups. Differential backup…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now