How to Restrict File Types Recognized as Possible Crypto Threats with Group Policy

Step #




Log in to a PC that has The Application That File Extension Uses and Domain Administrative Tools installed.



From the Server Manager Screen: 

Select Tools > Group Policy Management


Right-click on Group Policy Projects and select New.


Name the new GPO Disallowed File Extensions and then, click OK.

Create the Disallowed File Extensions Policy


In the right pane of the GPO management console, find the policy: "Disallowed File Extensions" and select Edit.


Navigate to Computer Configuration > Preferences > Control Panel Settings > Folder Options.

Right-click on it and choose New > File Type from the context menu.


From there, click the Actions drop-down menu and choose the Create option.

File extension: Enter the file extension block

Associated class: Select the application that uses this file.

Click OK to Save.

Repeat Steps 5 and 6 for each extension that needs to be entered.

Note: application must be installed on the device you are creating the GPO on or else it will not be available in the list.



Apply the rule to the top of the domain infrastructure so it will apply to every device on the domain.