Help creating GPO to disable access to specific .exe files

Welcome Forums General PowerShell Q&A Help creating GPO to disable access to specific .exe files

This topic contains 3 replies, has 2 voices, and was last updated by

 
Participant
2 years, 1 month ago.

  • Author
    Posts
  • #54441

    Participant
    Points: 0
    Rank: Member

    Hello,

    Hello,

    Any help is certainly appreciated! Thank you!

    I am in need of a Powershell script that will create a local GPO on a non-domain joined Win7 desktop to limit access to 3 executables AND if possible apply that GPO at the top level to everyone but the local Administrator account.

    I am wondering if someone might be able to provide some assistance or lead me in the right direction. I am NOT a skilled powershell scripter, just a guy in need of one. But I can sometimes piece things together properly.

    If it helps, the files are:

    C:\Program Files (x86)\Carbonite\Carbonite Backup\carbonitesetup.exe
    C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteui.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

  • #54525

    Participant
    Points: 158
    Helping Hand
    Rank: Participant

    You're basically talking about whitelisting. The operating system wouldn't function if you could only launch those executables. There are entire software solutions dedicated to what you asking to do like RES Software, Carbon Black, Bit9. Do you just want the users to be able to see the backup utility? You could attempt to basically make the workstation a kiosk and only show the backup icons with GPO, but you don't need powershell for that.

  • #54557

    Participant
    Points: 0
    Rank: Member

    Actually, I want the reverse of what you are suggesting. I want the computer to function normally, I just don't want them to have access to the backup software UI.

  • #54559

    Participant
    Points: 158
    Helping Hand
    Rank: Participant

    This is a single computer? I don't know that a scripted solution is still what you are looking for:

    • Option 1 – If the software has a login or security, create a Carbonite local group, add Administrator to group and update security to only allow Carbonite group
    • Option 2 – Update ACL's on the files to remove users or create a Carbonite local group, add Administrator to group and update the ACL

The topic ‘Help creating GPO to disable access to specific .exe files’ is closed to new replies.