I am working on implementing user based software restriction policy programmatically for local group policy object. If I create a policy through Domain Controller,I do have option for software restriction policy in user configuration but in local group policy editor I don't have option for that. When I look for the changes made by policy applied from Domain Controller in registry, they modify registry values for specific users on path HKEY_USERS(SID of User)\Softwares\Policies\Microsoft\Windows\Safer\Codeidentifiers They also have registry.pol stored in SYSvol folder in Domain Controller. When I make the same changes in registry to block any other application, application is getting blocked. I achieved what I wanted but is it right to modify registry values ?
PS:- I am using Igrouppolicyobject API
I have found the answer,
IGroupPolicyObject - Windows API to create/update policies programmatically.
I would recommend you to go through this links, they will explain in deep about accessing Group Policies programmatically.