Bolster Desktop Security with Software Restriction Policies

You’ve probably heard about software restriction policies. These policies are created in Windows Active Directory Group Policy and allow you to deny applications or allow applications at the desktop. Of course, denying “bad” applications using blacklisting is like chasing your tail. You’ll never be able to identify all the “bad” applications users might use. However, whitelisting applications is a realistic goal. The trick is to determine what are your “good” applications.

In the past you might have avoided software restriction policies because you thought it was too hard to determine what applications the users are using and that deploying a dysfunctional software restriction policy could get you into hot water with your users and worse, with your boss.

The good news is that there are number of techniques that you can use to determine what the “good” applications are in your environment. You can then use this information to create your white list applications and configure those into software restriction policies.

For more information on how to detect your white list applications and how to configure the software restriction policy, check out:



Thomas W Shinder, M.D.

Email: [email protected]
MVP – Microsoft Firewalls (ISA)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top