How to exclude groups of users from Silent app using GPO

Let’s say that You have a small group of users who are using shared computers, and you wish to track only specific users of those computers. If this scenario applies to you, please read on.

Essentially, you need to add an exception in the system configuration, meaning you'll have to block the app from creating more users by applying GPO for certain groups within their domain.

Steps to follow:

1. Click on Search and type Run.

2. Type “gpedit.msc“, then press “Enter“. The Group Policy Editor appears.

3. Expand “User Configuration” > “Administrative Templates“, and then select “System

4. Open the policy “Don’t run specified Windows applications

5. Set the policy to “Enabled“, then select “Show…"

6. Add the programs you would like to prevent the user from running to the List of disallowed applications. Use the name of the application launching file, in this case it is sfproc.