Restrict users from running specific Windows programs
Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
Right-click your domain, and then click Properties.
Click the Group Policy tab.
In the Group Policy Object Links box, click the group policy to which you want to apply this setting. For example, click Default Domain Policy.
Click Edit.
Expand User Configuration, expand Administrative Templates, and then expand System.
In the right pane, double-click Don't run specified Windows applications.
Click Enabled, and then click Show.
Click Add, and then type the executable file name of the program that you want to restrict users from running. For example, type iexplore.exe.
Click OK, and then click OK.
Quit Group Policy Object Editor, and then click OK.
اگرسیستم عامل Server 2008 Or Win 7 میباشد Feature جدید ازسمت مایکروسافت برای محدود کردن نرم افزارها AppLocker برای رفتن به مسیر AppLocker از gpedit.msc در Win7 و اضافه کردن یک GP در Server 2008 و
Computer Configuration, Windows Settings, Security Settings, Application Control Policies, AppLocker
ویک Rule تعریف کنید.