bg1: how to block notepad using a GPO on windows server 2003 - HotUKDeals
We use cookie files to improve site functionality and personalisation. By continuing to use HotUKDeals, you accept our cookie and privacy policy.
Get the HotUKDeals app free at Google Play

Search Error

An error occurred when searching, please try again!

Login / Sign UpSubmit

bg1: how to block notepad using a GPO on windows server 2003

£0.00 @
anyone know how to do it. Read More
black gerbil1 Avatar
7y, 1w agoPosted 7 years, 1 week ago
anyone know how to do it.
black gerbil1 Avatar
7y, 1w agoPosted 7 years, 1 week ago

All Comments

(5) Jump to unreadPost a comment
1 Like #1
Quick search bought this back if it helps?

Windows Server 2003
introduced Software Restriction policies. A number of software-restriction options are available, such as blocking files based on their hash value (which means renaming a file won't allow it to be run), and restricting based on code-signing levels.

1. Start the GPMC, and open a GPO to edit.

2. Right-click Software Restrictions, and select New Software Restriction Policies.

3. Two nodes will appear under Software Restriction Policies: Security Levels and Additional Rules. Select Security Levels.

4. Under Security Levels, three levels are displayed: Disallowed is for default blocking of all software, Basic User is for software that can run but will run without administrator credentials, and Unrestricted allows all software to run. If you right-click any option but Unrestricted, the option to “Set as default” appears, forcing the policy to that mode (Unrestricted is already the default). If you leave Unrestricted as the default, you can then add entries to Disallowed to block certain applications/source. Alternatively, you can set Disallowed as the default, then add exceptions to Basic User/Unrestricted that can run. This is a lot of work but is necessary for a very controlled environment.

5. We want to add a disallowed rule, so select Additional Rules.

6. Right-click Additional Rules, and the various types of rules appear (i.e., hash, certificate, Network Zone, and Path). Select New Path Rule.

7. Enter the path name or filename, and enter a description. You can browse if the path is locally available. Click OK. You can use environment variables as part of path rules. For example, instead of using C:\Program Files, I can use %ProgramFiles%, %ProgramFiles(x86)% (for 64-bit platforms), and %windir%. You can also use a wildcard (*) as part of the path. I could enter %windir%\notepad.exe.

8. Click OK, and close the GPO Editor.

After the client refreshes, Group Policy disallows the specified application or any application in the specified path. In my case, I can't run Notepad.
Unplug it

ty woz
Woz is spot on.

option 2, write a script to delete notepad.exe lol
[ ] show interest

Post a Comment

You don't need an account to leave a comment. Just enter your email address. We'll keep it private.

...OR log in with your social account

...OR comment using your social account

Thanks for your comment! Keep it up!
We just need to have a quick look and it will be live soon.
The community is happy to hear your opinion! Keep contributing!