Restricting Software Installation on VMs by Setting Group Policies on the AD in FusionAccess

Publication Date: 2015-03-05
Issue Description
Customers may have undesired software installed because of software bundling. 
Handling Process
1. Log in to the AD as a domain administrator or administrator and open the Group Policy Management dialog box.

2. To set software restriction policies for all the computers in all domains, edit the default domain policy of the domains. 

3. To set software restriction policies for the computers in an OU, create a group policy object (GPO) in the OU and define group policies. 

4. In the Group Policy Management Editor window, locate Software Restriction Policies.

5. Right-click Software Restriction Policies and choose New Software Restriction Policies.

6. Right-click Additional Rules and choose New Hash Rule.

7. Set Security level to Disallowed, click Browse to select the software to be restricted (for example, Eyefoo), and click OK.

8. On the AD, choose Start > Run, enter cmd, and press Enter.
9. Run gpupdate /force.

10. Verify whether the group policy is successfully set.
a) Log in to a VM in the domain.
b) Choose Start > Run, enter cmd, and press Enter.
c) Run gpupdate /force.
d) Double-click Eyefoo to install it.
If the installation is restricted, the group policy is successfully set.
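
The following PowerShell check for step 10 is an added example, not part of the original article. It lists the Disallowed hash rules that reached the VM and matches them against logged block events. It assumes Windows Vista or later, where blocks are logged by the Microsoft-Windows-SoftwareRestrictionPolicies provider with event ID 868 ("restricted by policy rule").

```powershell
# Run in an elevated PowerShell session on the VM after gpupdate /force.

# GPO-delivered Software Restriction Policies are stored under this key;
# the "0" subkey holds rules whose security level is Disallowed.
$srpRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$hashRoot = Join-Path $srpRoot '0\Hashes'

if (-not (Test-Path $srpRoot)) {
    Write-Warning 'No Software Restriction Policies found. Check the GPO link and scope with: gpresult /r /scope computer'
    return
}

# One subkey per hash rule, named by the rule GUID. ItemData is the hash
# recorded when the rule was created, so it matches that exact file only.
$rules = @(Get-ChildItem -Path $hashRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    New-Object PSObject -Property @{
        RuleGuid     = $_.PSChildName
        FriendlyName = $p.FriendlyName
        SizeBytes    = $p.ItemSize
        Hash         = ($p.ItemData | ForEach-Object { $_.ToString('X2') }) -join ''
    }
})

if ($rules.Count -eq 0) {
    Write-Warning 'SRP is present but no Disallowed hash rule was delivered to this computer.'
    return
}

# Recent block events from the Application log (assumed provider name and event ID, see above).
$blocks = @(Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-SoftwareRestrictionPolicies'
    Id           = 868
} -MaxEvents 50 -ErrorAction SilentlyContinue)

# The event message names the rule GUID, so each rule can be tied to the blocks it caused.
foreach ($r in $rules) {
    $hits = @($blocks | Where-Object { $_.Message -like "*$($r.RuleGuid)*" })
    $last = if ($hits.Count -gt 0) { $hits[0].TimeCreated } else { 'never' }
    $r | Add-Member -MemberType NoteProperty -Name BlockCount -Value $hits.Count
    $r | Add-Member -MemberType NoteProperty -Name LastBlock  -Value $last
}

$rules | Format-Table FriendlyName, SizeBytes, BlockCount, LastBlock, RuleGuid -AutoSize
```

A rule that is listed but shows a BlockCount of 0 after step d) means the file that was launched does not match the hash recorded in the rule.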
Root Cause
In the software business, a group of software packages is usually bundled and sold as one combined product. As a result, customers may have undesired software installed.
Hash rules can be defined through group policies for specific software to prevent the software from being installed.
Suggestions
It is difficult to manage software installation in an open network environment. However, you can define group policies to prevent risky software from being installed. When setting group policies, you must specify the installation package to be restricted. Because a hash rule matches only the exact file that was selected, you need to manually update the group policies if the software is frequently updated. The group policies cannot restrict installation of green software (portable software that runs without an installer).
