Recently, I was asked about a way to restrict the use of some applications on end User machines.
Often, one of the reasons you would need to this involve blocking Torrent software or specific software, which goes against your policy.
With a Mac OS X 10.8 Server environment, it was simple
(Depending on the type of binding you are using authenticated vs anonymous, you can push these restrictions, to the users, the group of users, or the machines themselves which then affects anyone on the machine)
On your Open Directory Master
Go to Workgroup Manager 10.8
STEP 1: Select the Group tab
STEP 2: Select the group of Users you want to affect with this restriction
STEP 3: Click on the Preferences Logo
STEP 4: Select Applications
STEP 5: Go to the Legacy tab
STEP 6: Move the Manage Option from Never to Always
STEP 7: Select Allow all Applications except these
STEP 8: Drag and Drop the application you want to block into the list
STEP 9: Uncheck the bottom option to Allow Approved Apps to launch non-approved Apps
STEP 10: Apply Now
And you are done.
All that is left is to make sure the intended users logs out and logs back in and the new restrictions will take effect.