How to Exclude Groups of Users from Silent App Using GPO

If you have a group of users who are using shared computers and you wish to track only specific users of those computers, the instructions below apply to you. 

Essentially, you need to add an exception in the system configuration, meaning you'll have to block the app from creating more users by applying GPO for certain groups within their domain.

Steps to Follow:

1. Click on Search and type Run.

2. Type gpedit.msc then press Enter. The Group Policy Editor appears.



3. Expand User Configuration / Administrative Templates and then select System



4. Open the policy Don’t run specified Windows applications

5. Set the policy to Enabled, then select Show…

6. Add the programs you would like to prevent the user from running to the list of disallowed applications. Use the name of the application launching file, in this case, it is sfproc.