Software Restriction Policies (SRP) are a feature in Windows that allows administrators to control which applications can run on a system. This is essential for maintaining security and ensuring that only authorized software is executed. SRP can be configured via Group Policy in Windows environments, making it a powerful tool for system administrators.

Examples:

1. Creating a Software Restriction Policy via Group Policy:

   • Open the Group Policy Management Console (GPMC) by typing gpmc.msc in the Run dialog (Win + R).
   • Navigate to the appropriate Group Policy Object (GPO) where you want to define the policy.
   • Right-click the GPO and select "Edit" to open the Group Policy Management Editor.
   • Go to Computer Configuration -> Windows Settings -> Security Settings -> Software Restriction Policies.
   • If no policies are defined, right-click on "Software Restriction Policies" and select "New Software Restriction Policies".
   • You can define rules under "Additional Rules" to specify which software is restricted or allowed. Rules can be based on hash, certificate, path, or network zone.

2. Configuring a Path Rule:

   • In the "Additional Rules" section, right-click and select "New Path Rule".
   • Enter the path of the software you want to restrict, e.g., C:\Program Files\UnwantedApp\*.
   • Set the security level to "Disallowed" to prevent the software from running.

3. Using PowerShell to View SRP Settings:

   • Open PowerShell as an administrator.
   • Use the following command to view the current SRP settings:

     Get-GPResultantSetOfPolicy -ReportType HTML -Path "C:\SRPReport.html"

   • This command generates an HTML report of the applied policies, which includes Software Restriction Policies.

4. Executing SRP via CMD:

   • While SRP is primarily managed through Group Policy, you can use the gpupdate command in CMD to apply changes immediately:

     gpupdate /force

   • This command ensures that any changes made to the Group Policy are applied without delay.