I am trying to block the execution of regsvr32 by normal domain users. I have the default rule which allows to everyone the execute all files located in windows folder.
Now I would like to deny the execution for regsvr32 to anybody who is not local admin.
I tried to create such a rule in Applocker but I didn't succeed.
Any suggestion?
Thanks.