Denying executable to Domain Users

Toggle sidebar Toggle sidebar
S

sicsicsic

Member
Jul 28, 2005
51
0
0
We run Citrix on 5 separate servers. Users are complaining that one of the applciation is having necessary components blocked by a mysterious gray box. I have found that it is the language bar causing the problem. I also found that denying permission to run ctfmon.exe would solve the problem.

No one needs the language bar so it wouldn't be an issue. I just can't figure out how to perform the fix. I tried playing with GPO and other things, but I'm not seeing how to do this.

I'm sure it's very simple and any help would be greatly appreciated.

Thank you!
 
RadiclDreamer

RadiclDreamer

Diamond Member
Aug 8, 2004
8,622
40
91
Editing the Local Policy on a Windows 2000-Based Computer
To restrict users from running specific Windows programs on a standalone Windows 2000-based computer:

1. Click Start, and then click Run.
2. In the Open box, type gpedit.msc, and then click OK.
3. Expand User Configuration, expand Administrative Templates, and then expand System.
4. In the right pane, double-click Don't run specified Windows applications.
5. Click Enabled, and then click Show.
6. Click Add, and then type the executable file name of the program that you want to restrict users from running. For example, type iexplore.exe.
7. Click OK, click OK, and then click OK.

NOTE: If domain-level policy settings are defined, they may override this local policy setting.
8. Quit Group Policy Object Editor.
9. Restart the computer.

Editing the Group Policy in a Domain
To edit a domain-wide policy to restrict users from running specific Windows programs:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click your domain, and then click Properties.
3. Click the Group Policy tab.
4. In the Group Policy Object Links box, click the group policy to which you want to apply this setting. For example, click Default Domain Policy.
5. Click Edit.
6. Expand User Configuration, expand Administrative Templates, and then expand System.
7. In the right pane, double-click Don't run specified Windows applications.
8. Click Enabled, and then click Show.
9. Click Add, and then type the executable file name of the program that you want to restrict users from running. For example, type iexplore.exe.
10. Click OK, click OK, and then click OK.
11. Quit Group Policy Object Editor, and then click OK
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom