Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Disable powershell (any Exes) using Software Restriction Policy (GPO)

            Created by Raeez Abdulla, Modified on Wed, 24 Apr, 2024 at 12:29 PM by Raeez Abdulla

            This guide will walk you through the process of using group policy to disable PowerShell. Furthermore, it will demonstrate how to selectively enable it for specific users, such as administrators, while keeping it disabled for all other users.


            1. Access Group Policy Editor on the domain controller:
              • Press Windows + R to open the Run dialog.
              • Type gpedit.msc and press Enter to open the Group Policy Editor.

            2. Create a GPO to block the executable.
              Provide a name for the GPO
            3. Edit the newly created GPO and navigate to the following path: User Configuration -> Policies -> Windows Settings -> Security Settings -> Software Restriction Policies.
              Right-click “Software Restriction Policies” and select “New Software Restriction Policies”


            4. Once the policy is created, navigate to Additional Rules, then right-click and choose New Path Rule.


            5. Enter the Powershell.exe and other exe path in the path and set the security level to Disallowed and click OK.

              Paths to block are:
              • c:\windows\system32\windowspowershell\v1.0\powershell.exe
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
              • C:\Windows\system32\cscript.exe
              • C:\WINDOWS\System32\WScript.exe
              • c:\windows\system32\netsh.exe
              • c:\windows\system32\cmd.exe

            6. Link the GPO to appropriate OU.  You need to reboot the machine for the policy to take affect.


            You may need to allow administrators to run powershell, for allowing this follow below steps.


            •  Create a new Active Directory Security group. and add all admins need access to powershell  and other blocked execs to the group.

            •  Go to the GPO you created and click on the delegation tab.


            • Click Advanced  > Add,  then select the security group you created that has users you want to enable PowerShell and other blocked execs and click OK.

              In the permissions section make sure the group is selected and it has only these permissions

            • Read is set to allow

            • Apply group policy is set to Deny


            Now any user you add to the security group will get denied this policy and enable them to run PowerShell nd other blocked execs.




            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0