In AppLocker GPO, how can I create a DENY rule to deny 'everyone' from PowerShell & PowerShell ISE (both x64 & x86) & ALLOW it to only authorized users?
My thought is:
Create two DENY rules (one for x64, one for x86) to deny 'everyone':
1. DENY
%system32%\WindowsPowerShell\v1.0\powershell.exe
2. DENY
%syswow64%\WindowsPowerShell\v1.0\powershell.exe
But from my understanding, deny rule always take precedent, how can I go about ALLOW authorized users to use PowerShell?
Please shed some lights.
Best Regards,