![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 94%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello Satyanarayana Pathi,
Thank you for posting in Q&A forum.
To prevent domain users from installing software through Active Directory Group Policy Objects (AD GPOs), you can create and configure the corresponding GPOs by following these steps:
Open the Group Policy Management Console.
In GPMC, right-click on the domain or organizational unit (OU) where you want to link the new GPO, and then select "Create a GPO in this domain, and Link it here".
Name the new GPO, such as "Restrict software installation".
Right click on the GPO you just created and select "Edit".
In the Group Policy Management Editor, navigate to User Configuration>policy>administrative templates>system
Double click on the "system" with the left button,select run only specified Windows applications on the right side.
Attempt to install or uninstall software to ensure that the policy has been correctly applied, then type the software installation package that needs to be disabled according to the prompts.
However, GPO cannot handle the uninstallation of restricted software, I am very sorry.
This is a picture about the path:
Please note that these steps will prevent all users affected by this GPO from installing software. Ensure that you apply this GPO only to those users or user groups that require these restrictions to avoid affecting users who need to install software.
Additionally, remember to test the policies before implementing them to ensure they do not disrupt normal business operations. Test in a controlled environment, and if everything works as expected, proceed to deploy in the production environment.
You can also consider App locker or Software Restriction Policies Under Computer Configuration.
https://learn.microsoft.com/en-us/windows-server/identity/software-restriction-policies/administer-software-restriction-policies
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
If the Answer is helpful, please click "Accept Answer" and upvote it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)