December 22, 2003, 12:00 AM — Preventing the execution or installation of unauthorized programs on
Windows 2003 Server and Windows XP is now possible with a new feature
called software restriction policies. Software restriction polices
allow you as an administrator to control what programs are installed on
the servers and workstations in your environment, thus creating a more
secure and supportable infrastructure to manage.
Software restriction policies are a special type of group policy that
can be applied to either users or machines. Additionally, they can be
applied to a single computer, OU, domain or site object within Active
Directory. If you apply the software restriction policy to a user, that
policy will be active no matter where the user logs on to the network.
If the policy is applied to a machine, then any user of that machine
will receive that policy.
Software restriction policies utilize two different rules - either
"unrestricted" or "disallowed". By using the