• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 252
  • Last Modified:

Group Policy - App Restriction - By Device - By User

I have a situation.

We want to block access to an application for users, but only when they log onto certain Terminals

At my site the users will be running their desktops via Remote Desktop, either accessing it from PC's or Thin Clients.

I need to prevent a program from being run when any user logs onto one of 4 thin clients in particular for security reasons.  If that user logs onto any other machine they need to be able to run the app.
0
mbkitmgr
Asked:
mbkitmgr
  • 2
1 Solution
 
jprlopesCommented:
Create a GPO that includes that 4 computers (not the users) and deny them acess to that particular application.
The GPO will be:

Computer configuration > Windows Settings > Security Settings > Software restrictions Policies > Additional Rules
Right click and choose NEW HASH RULE
Then choose the path to the EXE of the program you want to block and choose NOT ALLOWED.

Apply this GPO to the 4 computers.
0
 
mbkitmgrAuthor Commented:
I spent some time resolving this myself.

1.

Create the Shortcut in GP Prefs

2.

Set the scoping to not apply the shortcut to the Terminal Devices with the names of the devices used
If anyone wants a step by step I am happy to provide
0
 
mbkitmgrAuthor Commented:
Self Resolved
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now