How to prevent the installation of games in Windows 7. Ban the installation of unwanted programs using AppLocker

If, out of necessity, a desktop computer or laptop is used by not one, but several users, it is quite natural that each of them can install on the system the programs that he needs for everyday work or entertainment. This can lead to unpredictable consequences, which relate to possible disruption of the functionality of the operating system.

Prohibiting the installation of programs in Windows XP and in systems of a higher rank for one or more users at a general level can be quite simple. However, the most logical solution, which consists in excluding users from the administrator group or increasing the level of UAC control, does not have an effect in the seventh version of Windows and later modifications of the system, since in them you can still use the installer to start as an administrator. Despite this, several options for setting a ban can still be applied.

Does it require a ban on software installation?

First, let's take a brief look at why and why such bans need to be introduced by the administrator.

The problem here is not even that the user can install completely unnecessary software, but rather that during the installation of some applications, a huge amount of so-called affiliate software can very often be installed (which is often ignored by many users due to their inattention). In addition, some viruses (for example, advertising ones) are very successfully disguised as such applets.

In general, installing unnecessary software products leads to cluttering of the hard drive and a decrease in computer performance in the case when installed programs register their own settings in the system startup and in the system registry. And without special knowledge and skills, it can be extremely difficult to remove installed applications as completely as possible, and it is best not to rely on Windows tools.

How to prevent installation of programs on Windows 7 in Group Policy settings?

Since we will further discuss the seventh modification of the system, we will start from its basic settings and parameters. But the solutions provided can be similarly applied in later versions of the OS. So, how can you prevent the installation of programs on Windows 7 for all users at a general level, including possible installations initiated by the applications themselves, for example, during an update? This can be done through group policies. Access to the editor is carried out by the gpedit.msc command, which is registered in the “Run” menu (you must check the box at the point where you can run the task with administrator rights).

In the editor, you should use the Administrative Templates and Windows Components sections, and then select the installer blocking option from the list. After this, double-click to edit this parameter, set it to enabled and apply the changes.

Actions with equipment

In Windows 7, access to setting bans on any actions performed by a potential user of the system can also be obtained through the so-called snap-in management console (mmc).

Here, first, through the file menu, you need to select adding a new snap-in, then select group policies in the list of available tools and use the add button to add it to the list of the window on the right. In the new window that opens, use the browse button to open another window, go to the “Users” tab and mark the user for whom the ban should apply.

Once the snap-in code is added through the “File” menu, it must be saved using the standard method of assigning the registered admin name as the name. After this, you need to repeat the above steps, but in this case, installation of programs in Windows 7 will be prohibited only for the selected user.

Note: if necessary, you can create several snap-ins or set bans for all registered users.

How to prevent a user from installing Windows 7 programs using parental control settings?

To set bans, you can use another method, which, according to most experts, is the simplest and does not require special knowledge of system tools. How to prevent installation of programs on Windows 7 and higher systems using this tool? To do this, in the “Control Panel” you need to use the account management section and select the item to install parental controls.

Next, the user for whom the ban will be set is simply marked, and the corresponding parameter for restricting the launch of programs is activated. The system will automatically create a list of applications that can be blocked, but if the program is not found, you can specify the path to it yourself using the browse button.

But, judging by the advice of experts, you need to clearly understand that the disadvantage of this technique is that you can only limit the start of installed applications, and not those that the user is going to install, although, if desired, you can add Windows installers to the list.

Setting a ban in the registry

Speaking about how to prohibit the installation of programs on Windows 7 regarding restricting the launch of the applications themselves or the system installer, you can use an equally effective method, which consists of changing the key in the registry (regedit) that is specifically responsible for this.

The section is called DisallowRun and is located along the path shown in the image above. To set a ban, you just need to create a new parameter and specify the path to the executable EXE file, and then reboot the computer device.

Note: the parameter is created separately for each application; if necessary, you can set additional key values ​​(2, 3, 4), but the ban itself will apply to all users who do not have administrator privileges in the system.

Brief summary

To sum up all of the above, apparently many have already realized that setting restrictions on the launch of installed applications is the simplest, but far from the best solution. If for some reason you need to ban the installation of programs, it is best to use group policies or the snap-in management console, which is confirmed by most computer security specialists.

But in any case, actions with these editors must be performed only when logged into an administrator account or using the appropriate rights to change the system configuration. You can use the App Locker utility as a third-party tool, but its actions are almost exactly the same as managing policies and snap-ins (only the settings are imported and not installed manually), so it was not considered.

Windows 10 is a very flexible operating system and provides a user with proper administrator rights with a lot of freedom and space for various experiments, settings and personalization. At the same time, Windows can greatly limit the user if this is necessary for the administrator or owner of the computer. For example, in Windows 10 Creators Update it became possible to limit the installation of applications that were not downloaded from the Windows Store.

How to prevent applications from installing and running on Windows

The user is offered three options to choose from:

When limiting launched applications in this way, you need to consider several points:

• All applications that were installed using executable files (exe, msi, etc.) before you added restrictions will continue to launch and run without warning. The same applies to downloaded installation files. Even after a complete ban, they will not be subject to the new application installation policy.
• Only those files and applications that have been downloaded/installed will be blocked after restriction activation.
• If the user ignores the warning and instructs the system to execute a file or run a program, they are whitelisted and are no longer blocked. This is done in order to save the computer owner from constantly appearing annoying messages and the need to constantly bypass the restriction.
• A non-administrator account cannot change these settings because changes made apply to all registered profiles on the computer. When you try to change something, the system will ask you to enter the administrator password.

Why limit

Windows itself answers this question:

By installing only apps offered in the Store, you can protect your computer and keep it running smoothly.

Such a mechanism is perfect for monitoring the account of a child, for example, whose curiosity may lead to the appearance of unwanted or malicious applications on the computer. In any case, you can decide for yourself why the restriction on not installing applications may be useful in your case. Our job is only to show how this is done and what nuances are associated with this process.

How to allow installation of any programs on Windows 10

Very simple. Do the same as you did in the instructions above:

1. Open Settings - Applications - Applications and features.
2. Select an item Allow apps to be used from anywhere.

After this, the restrictions will be lifted and you will be able to install applications from any source.

The issue of computer system security has always been the most important for the user. As you know, viruses that penetrate inside a gadget can bring a lot of discomfort to its owner. There are no ways to 100% protect your desktop from malware, but there are ways to maximize your resistance to them.

The most accessible one is to prohibit the installation of programs in Windows 7. This can be achieved absolutely free, and the program that will help with this is already available on most versions of Windows. The principle of operation is outrageously simple: no programs can be downloaded without the user's permission. And then you will not encounter such a problem as the appearance, as well as other problems that viruses bring. How to do it? Let's figure it out.

How to set a limit

First you need to open the “Local Security Policy” window. To do this, go to “Start” – “Control Panel” – “System and Security”. Next, go to “Administration”, and there you will see “Local Security Policy” - “Software Restriction Policy”. Right-click on this line and create a new software restriction policy.

Now you need to configure some settings for the new policy. To do this, click on the “Application” line and check the box in the same places as in the picture below.

After that, go to the “Assigned file types” item and feel free to delete the LNK extension. Then go to the additional folder “Security Levels”, see the “Prohibited” sub-item on the right side of the window and assign it by default (with the right mouse button).

That's all, now all users from your computer will be able to run only those programs that you install or the system will do it for you. Usually they are located in the Program Files and SystemRoot folders, but they can be “scattered” in other folders. If this is your case, then I advise you to add these programs to the list of allowed ones. To do this, in turn, go to “Additional rules” – “Name”, right-click on the empty field. Among the other commands, select “Create a path rule” and set the path to the folder where the required program is located.

As you can see, there is absolutely nothing complicated in these actions. It may take a few minutes to follow these rules, but think about how much you will increase the security of your computer. It wouldn’t be a shame to set aside a couple of minutes of your precious time for this, don’t you agree?

Free software can be very useful and functional; some programs even claim to replace expensive paid analogues. At the same time, some developers, to justify costs, “sew up” various additional software into their distributions. It can be completely harmless, or it can be harmful. Each of us has found ourselves in a situation where, along with a program, some unnecessary browsers, toolbars and other evil spirits were installed on the computer. Today we’ll talk about how to once and for all ban their installation on your system.

In most cases, when installing free software, the creators warn us that something else will be installed and offer a choice, that is, uncheck the boxes next to the items with the words "Install". But this does not always happen, and some careless developers “forget” to insert such a sentence. We will fight them.

We will carry out all prohibition actions using equipment , which is present only in the Pro and Enterprise ( and ) and Ultimate editions of the operating systems. Unfortunately, this console is not available in Starter and Home.

Import Policy

IN "Local Security Policy" there is a section called "AppLocker", in which you can create various rules for program behavior. We need to get to it.

At this stage, we will need a file in which the executable rules are written. Below is a link, following which you can find a text document with the code. It must be saved in XML format, without fail in the editor. For the lazy, there is also a ready-made file and a description for it.

This document sets out rules for prohibiting the installation of programs from publishers who have been found to “foist” their products on users. It also specifies exceptions, that is, those actions that allowed applications can perform. A little later we will figure out how to add our own rules (publishers).

Now access to your computer is closed for any programs from these publishers.

Adding Publishers

The list of publishers above can be manually supplemented using one of the functions "AppLocker". To do this, you need to get the executable file or installer of the program that the developer “hardwired” into the distribution. Sometimes this can only be done if you find yourself in a situation where the application is already installed. In other cases, we simply search through a search engine. Let's look at the process using an example.

1. Right-click on the section "Executable Rules" and select the item "Create a new rule".

   

2. In the next window, click the button "Further".

   

3. We put the switch in position "Prohibit" and again "Further".

   

4. Leave the value here "Publisher". Click "Further".

   

5. Next, we need a link file, which is generated when reading data from the installer. Click "Review".

   

6. Find the required file and click "Open".

   

7. By moving the slider up, we ensure that the information remains only in the field "Publisher". This completes the setup, press the button "Create".

   

8. A new rule has appeared in the list.

   

Using this technique, you can prevent the installation of any applications from any publishers, as well as, using the slider, a specific product and even its version.

Deleting rules

Removing executable rules from the list is done as follows: right-click on one of them (unnecessary) and select the item "Delete".

IN "AppLocker" There is also a full policy clear function. To do this, right-click on the section and select "Clear Policy". In the dialog box that appears, click "Yes".

Export policy

This feature helps you transfer policies as an XML file to another computer. In this case, all executable rules and parameters are saved.

Using this document, you can import rules into "AppLocker" on any computer with the console installed "Local Security Policy".

Conclusion

The information obtained from this article will help you forever get rid of the need to remove various unnecessary programs and add-ons from your computer. Now you can safely use free software. Another use is to prevent other users of your computer who are not administrators from installing programs.

 

It might be useful to read:

• How to install Windows directly from a hard drive using different methods?;
• Laptop RAM DDR3;
• Prevent the installation of unwanted programs using AppLocker;
• Bios does not see bootable USB flash drive Ami bios does not see bootable USB flash drive;
• Birthdays on iPhone, iPad and Mac: how to add and enable reminders How to set up reminders on iPhone 5s;
• Xiaomi External Batteries;
• BlockLauncher Pro for Android (updated latest version) Download block launcher for version 0;
• Fuel game won't start;