As mentioned above, if the user can change the name of the executable file based on the name limit of the program, the limit will be invalidated. However, if the user modifies the file name, the restriction is valid, if the software hash value is limited, the configuration steps:
First Open Group Policy Management, right-click Edit on the GPO that needs to be edited
650) this.width=650; "title=" 2.png "alt=" wkiol1yt3xhzhvamaan0lu9cgja341.jpg "src=" http://s3.51cto.com/wyfs02/M01/ 74/e5/wkiol1yt3xhzhvamaan0lu9cgja341.jpg "/>
In User Configuration > Policies >windows Settings > Security settings > Software restriction Policies > Right-click Create software restriction Policies
650) this.width=650; "title=" 3.png "alt=" wkiom1yt33wy6puzaalj9bdgpkk335.jpg "src=" http://s3.51cto.com/wyfs02/M00/ 74/e9/wkiom1yt33wy6puzaalj9bdgpkk335.jpg "/>
Click on other rules, right in the right margin, click New Hash rule
650) this.width=650; "title=" 4.png "alt=" wkiol1yt4csq2ir3aaka4cvf1pc614.jpg "src=" http://s3.51cto.com/wyfs02/M02/ 74/e6/wkiol1yt4csq2ir3aaka4cvf1pc614.jpg "/>
Click to browse, here need to be prepared in advance to prohibit the application, such as copy from the client, or through the network share can also choose, here I prepared the Win7 system of PowerShell files, security level is the default "not allowed"
650) this.width=650; "title=" 5.png "alt=" wkiom1yt4tqh6ohmaanemr-blzo929.jpg "src=" http://s3.51cto.com/wyfs02/M01/ 74/e9/wkiom1yt4tqh6ohmaanemr-blzo929.jpg "/>
The File Information Bar displays basic information such as the file version number
650) this.width=650; "title=" 6.png "alt=" wkiol1yt4fid-9inaanldd8fsio135.jpg "src=" http://s3.51cto.com/wyfs02/M01/ 74/e6/wkiol1yt4fid-9inaanldd8fsio135.jpg "/>
Finally click OK, then Win7 the client gpupdate, log off and re-login, run PowerShell and see the effect:
650) this.width=650; "title=" 7.png "alt=" wkiol1yt4ydcutrjaac15fvbxg0301.jpg "src=" http://s3.51cto.com/wyfs02/M01/ 74/e6/wkiol1yt4ydcutrjaac15fvbxg0301.jpg "/>
One thing to note here is that because different systems may not have the same version of the same software, and the hash value is not the same, there is a need to create multiple software restriction policies, such as restricting the PowerShell versions of powershell,win7 and WIN8 to different hash values, It is necessary to establish multiple policies for multiple PowerShell versions.
Windows R2 AD Series III: Restricting programs with hash rules