I am in need of a Powershell script that will create a local GPO on a non-domain joined Win7 desktop to limit access to 3 executables AND if possible apply that GPO at the top level to everyone but the local Administrator account.
I am wondering if someone might be able to provide some assistance or lead me in the right direction. I am NOT a skilled powershell scripter, just a guy in need of one. But I can sometimes piece things together properly.
You're basically talking about whitelisting. The operating system wouldn't function if you could only launch those executables. There are entire software solutions dedicated to what you asking to do like RES Software, Carbon Black, Bit9. Do you just want the users to be able to see the backup utility? You could attempt to basically make the workstation a kiosk and only show the backup icons with GPO, but you don't need powershell for that.