GPO to Block Specific executables
We've got a staff member who has managed to install Firefox on one of our locked down workstations. I wiped it off once, but just 10-15 minutes later, it was back. We use Ranger so it should be blocking it's installation, but after a look through his USB stick via RRC, I noticed two files which look like LanSchool disable scripts (Seems to kill "teacher.exe"?). My colleague said they could be normal files used by LanSchool, but I'm a bit of a security freak. We don't use LanSchool, but this staffer may have come from a school that was using it, and I'm concerned he may have Ranger disable scripts somewhere if he feels restricted by Ranger (we have workstations pretty well locked down).
This is a bit of a security issue for obvious reasons, that, and the staffer isn't following policy by filling out a change request and getting it cleared by my boss for it's installation. The PC is on a VLAN that has no direct access to the internet but has ISA's Firewall Client installed, so would not having the proxy option set, but be querying ISA directly using the firewall client get around the filtering WebMarshal does?
Finally, is there a blacklist for specific executables in Group Policy anywhere? There are all manner of programs installed on all of our workstations so want to avoid a whitelist-only approach if it's possible.
Thanks in advance.