Customers may have undesired software installed because of software bundling.
1. Log in to the AD as a domain administrator or administrator and open the Group Policy Management dialog box.
2. To set software restriction policies for all the computers in all domains, edit the default domain policy of the domains.
3. To set software restriction policies for the computers in an OU, create a group policy object (GPO) in the OU and define group policies.
4. In the Group Policy Management Editor window, locate Software Restriction Policies.
5. Right-click Software Restriction Policies and choose New Software Restriction Policies.
6. Right-click Additional Rules and choose New Hash Rule.
7. Select Disallowed from Security level, click Browse to select the software to be restricted, for example, select Eyefoo, and click OK.
8. On the AD, choose Start > Run, enter cmd, and press Enter.
9. Run gpupdate /force.
10. Verify whether the group policy is successfully set.
a) Log in to a VM in the domain.
b) Choose Start > Run, enter cmd, and press Enter.
c) Run gpupdate /force.
d) Double-click Eyefoo to install it.
If the installation is restricted, the group policy is successfully set.
In software business, a group of software packages are usually bundled and sold as one combined product. Customers may have undesired software installed.
Hash rules can be defined through group policies for specific software to prevent the software from being installed.
It is difficult to manage software installation in an open network environment. However, you can define group policies to prevent risky software from being installed. When setting group policies, you must specify the installation package to be restricted. If the software is frequently updated, you need to manually update the group policies. The group policies cannot restrict installation of green software.