No announcement yet.

GPO for allowing/restricting something for AD group

  • Filter
  • Time
  • Show
Clear All
new posts

  • GPO for allowing/restricting something for AD group

    Good day friends,

    I have a situation here and i need your expertise to get me through it.I'm a newbie in GP so there's a lot of things that I need to know how they work,especially on the precedence matter.

    The situation is like this,I want to block an app by software restrictions for users controlled by hash.How can I create a gpo that blocks this app and then only allows certain users(security group) to access it?I've tried creating 2 gpo's linked to the OU that I wanted to control.The gpo precedence is linked in these order:

    Allow Apps(applied to GROUP1 only)
    Block Apps(applied to Authenticated Users only)
    Default domain policy

    With this,all the test users within that OU can't access the specified apps even though the users are in GROUP1 group.How can i make this possible?

    Your help on this matter are highly appreciated,thank you.

  • #2
    Re: GPO for allowing/restricting something for AD group

    It's probably going to be easier if you go from the opposite direction. Create a group that is NOT allowed to run the apps and add the disallowed users to this group, then create one GPO with your Software Restrictions settings and link it to the OU, remove the Autenticated Users from the Security Filtering of the GPO and add your Restricted Software group.


    • #3
      Re: GPO for allowing/restricting something for AD group

      thank you joeqwerty for your valuable info.Actually I've did like you mentioned at first and it definately works.But it would be easier task for me if we could block the app by default for all users and only maintain a group of users that can access the app.Anyway I'm definately going to use it if no other solutions are found.Thank you for your help and much appreciated.