How to Prohibit Software Installation in Windows AD

active-directorydomain-controllergroup-policywindows-server-2012-r2

I've different OUs for different Departments. For Example Mechanical OU and Programmers OU. I don't want to block the users entirely from installing and Uninstalling software. For example users of mechanical OU should be able to install CAD software(such as AutoCAD, SolidWorks) Programmers shouldn't be able to install those softwares on their system. Programmers should only be able to install and uninstall software that they need and vice versa. How can I achieve that?

Best Answer

I'd look at using Applocker policies deployed from AD GPO. It's the technology progression of Software Restriction Policies and has some good features for application whitelisting/blacklisting. Check here for the MS guide on how to configure it:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/maintain-applocker-policies#bkmk-applkr-use-gp

The info says it applies to Windows 10 but Applocker policies can be deployed to Windows 7 & up. Hope that helps.

Cheers

Joe

Best Answer

Related Solutions

How to prevent users from installing software

Assigning software through group policy – how does client know if the package is installed or not

Related Topic