Purpose
The purpose of this post is to block an executable on a network of PCs.
Steps
The purpose of this post is to block an executable on a network of PCs.
Steps
Here are the steps to block the VNC.exe program (or any executable) on all domain PCs, even if you don’t know its location:
- Open the Group Policy Management Editor:
- On the server, open “Server Manager” and select “Tools” > “Group Policy Management”.
- Create a new GPO:
- Right-click on the domain or the organizational unit (OU) where you want to apply the policy and select “Create a GPO in this domain, and Link it here”.
- Name the new GPO, for example, “Block VNC.exe”.
- Configure the GPO:
- Right-click on the new GPO and select “Edit”.
- Navigate to “Computer Configuration” > “Policies” > “Windows Settings” > “Security Settings” > “Software Restriction Policies”.
- Right-click on “Software Restriction Policies” and select “Create New Policies”.
- Add a path-based restriction rule:
- Under “Additional Rules”, right-click and select “New Path Rule”.
- In the path field, enter *\\pp.exe to block any file named vnc.exe regardless of its location.
- Set the rule to “Disallowed”.
- Apply the GPO:
- Close the Group Policy Management Editor.
- In the “Group Policy Management” console, ensure the GPO is linked to the correct domain or OU.
- Update policies on domain PCs:
- On each domain PC, open a command prompt and run gpupdate /force to apply the new policies immediately.
These steps should help you block the vnc.exe program on all domain PCs, regardless of its folder location.
You only have to modify what is in yellow, the rest of the GPO content will be added by itself.
By GoN | Published: Jan 2025 | Last Updated:
No hay comentarios:
Publicar un comentario