Here's a challenge:
Our students need to be able to run only a dozen of programs (Word, Excel, IE, GIMP, Notepad++ etc) and nothing else.
I want to find a way to apply an application white list that students can run.
I need to be able to apply this policy to one user OU in Active Directory (StudentsOU).
Users from all other OUs need to be able to run all software as usual.
What's the best way to do that?
I know that Software Restriction Policy doesn't work well with User OUs (Computer Settings).
AppLocker has problems with whitelisting (we need to block everything what's not on the allowed list and not block programs manually).
We also have Sophos Application Control, but this one again applies to Computer OUs, not User OUs.
We are using Windows 8.1 and Windows 2008 R2.