1. Log in to the AD as a domain administrator or administrator and open the Group Policy Management dialog box.
2. To set software restriction policies for all the computers in all domains, edit the default domain policy of the domains.
3. To set software restriction policies for the computers in an OU, create a group policy object (GPO) in the OU and define group policies.
4. In the Group Policy Management Editor window, locate Software Restriction Policies.
5. Right-click Software Restriction Policies and choose New Software Restriction Policies.
6. Right-click Additional Rules and choose New Hash Rule.
7. Select Disallowed from Security level, click Browse to select the software to be restricted, for example, select Eyefoo, and click OK.
8. On the AD, choose Start > Run, enter cmd, and press Enter.
9. Run gpupdate /force.
10. Verify whether the group policy is successfully set.
a) Log in to a VM in the domain.
b) Choose Start > Run, enter cmd, and press Enter.
c) Run gpupdate /force.
d) Double-click Eyefoo to install it.
If the installation is restricted, the group policy is successfully set.