Zero Client Computing

How to Restrict Users from Running Specific Applications?


In Shared Computing, application installation must be done by the administrator. Normally applications will be installed under program files and be run by all terminal uses. In some implementations, certain applications installed on the shared host are not supposed to be run by some terminal users. In this case, the admin will be asked to figure out a way to restrict users from running specific applications in the shared environment.

1. Applications to be run by admins only.

When using vCloudPoint Shared Computing solution with vMatrix Server Manager, if the admin does not want an application to be used by any terminal user, he simply installs the application in a disk partition that is configured invisible to terminal users, e.g. E: drive. Storage visibility can be configured at vMatrix Server Manager -> Configurations -> Storage Visibility.

2. Applications to be run by a specific user only.
If an application is supposed to be run by a specific user, e.g. an accountant application by the accountant, during installation, the admin can change the installation path to the user’s personal folder in the system drive, i.e. C:Users(name of this user). The subfolders under the “Users” folder in C drive is named by the usernames and the files inside are only accessible to their owners (and admins).
3. Applications to be run by certain users

If an application is supposed to be used by specific users or groups, the admin can use the AppLocker Group policy to restrict other users from running the application.

1) AppLocker Group Policy needs to be used with User Account Control (UAC). To enabling UAC: Open control panel, click User Account and Family Safety ->
Click User Account -> Click Change User Account Control Settings-> Adjust the level to the third level or the highest level and click OK-> AC settings are completed; restart the host.
2) Before setting up AppLocker, please standardize the program installation path, be sure to install the required programs in C: Program Files or C: Program Files (x86) path. As Program Files folder is a kind of system file, which requires the administrator permission to make changes.
3) Recommended operating systems: Windows 7 (Ultimate, Enterprise), Windows 8.1 Enterprise, Windows 10 (Professional, Enterprise), Server 2008R2 Standard, Datacenter, Server 2012R2 (Standard, Datacenter), Server 2016 (Standard, Datacenter).

Quick Configuration Steps:

  • Enter Service, set the Application Identity startup type to automatic
  • Enter the local Group Policy Editor àAppLocker
  • Executable rulesà Windows installer rulesà and script specifications create default rules
  • AppLocker open Configuration rules
  • Restart the host, Then the AppLocker settings will take effect.

Download Detailed Guide
Follow us on Facebook to get update news on vCloudPoint products and the company.
img youtube img
© 2019 vCloudPoint, All rights reserved
View OnlineUnsubscribe