1. Log on to your domain controller and open the Group Policy Management Console
2. Create a new policy and link it to the OU that stores your computers, or edit an existing policy
3. Within the policy navigate to Computer Configuration > Policies > Windows Settings > Security Settings > File System
4. Right-click File System > click Add File
5. Type C:\Windows\System32\Utilman.exe
6. Click OK
7. Add the Everyone group and deny Read and Execute, List Folder Contents and Read. Click Apply
8. Click Yes, select “Replace existing permissions on all subfolders and files with inheritable permissions” and click OK
9. Reboot a machine and test again. You may need to wait for replication to occur around the network.
Always test before applying to a live environment.
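A check for the reboot-and-test step, as an added example that is not part of the original page: run in an elevated PowerShell session on a test client, it looks for the deny entry for Everyone on Utilman.exe and then confirms that opening the file for reading is refused. The variable names and the shape of the output object are assumptions of this example.

```powershell
# Added example (not from the original page): check on a client that the
# deny entry from the GPO has reached Utilman.exe. Run elevated after the reboot.
$Path = 'C:\Windows\System32\Utilman.exe'   # path typed in step 5

# Well-known SID for Everyone; avoids depending on the localized group name.
$EveryoneSid = 'S-1-1-0'
# ReadAndExecute covers the file-level rights denied in the policy
# (List Folder Contents only has meaning on folders).
$Denied = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

$result = [ordered]@{ Path = $Path; DenyAceFound = $null; ReadBlocked = $false }

# Check 1: look for the deny ACE itself. Reading the ACL may fail once Read is
# denied to Everyone, so a failure here leaves DenyAceFound as $null (unknown).
try {
    $acl   = Get-Acl -LiteralPath $Path -ErrorAction Stop
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $result.DenyAceFound = [bool]($rules | Where-Object {
        $_.IdentityReference.Value -eq $EveryoneSid -and
        $_.AccessControlType -eq 'Deny' -and
        ($_.FileSystemRights -band $Denied) -eq $Denied
    })
} catch {
    Write-Warning "Could not read the ACL on ${Path}: $($_.Exception.Message)"
}

# Check 2: confirm the effect by trying to open the file for reading.
try {
    $stream = [System.IO.File]::OpenRead($Path)
    $stream.Dispose()          # the open succeeded, so read access is NOT blocked
} catch [System.UnauthorizedAccessException] {
    $result.ReadBlocked = $true
}

# Emit one object per machine so results can be collected and compared.
[pscustomobject]$result
```

A machine where ReadBlocked is False has not yet applied the policy; recheck after replication and another policy refresh.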