Software Restriction Policy Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Software Restriction Policies

This security setting allows you create or change a software restriction policy.


GPO_name\Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies\

Default Values
Server Type or GPO Default Value

Default Domain Policy

Not defined

Default Domain Controller Policy

Not defined

Stand-Alone Server Default Settings

Not defined

DC Effective Default Settings

Not defined

Member Server Effective Default Settings

Not defined


When you create a software restriction policy, you can prohibit users from running administratively specified software on their computers. More restrictively, you can prevent the use of all except administratively specified software on their computers. Optionally, local administrators can be exempted from software restriction policy.

You can exempt software from restriction if the software publisher is trusted by the group that you specify: End users, local computer administrators, or Enterprise administrators.

You can create rules to override the default security level. These rules can be based on certificates, hashes, Internet zones, and paths.

You can create at most one wireless network policy per Group Policy object (GPO).

The wireless network policies security setting does not appear in the local GPO.