Knowledge Base

How to block users from running or installing software

Problem:

You need to stop users from running particular applications, disable their ability to install new software, disallow executing scripts, etc. and you want to manage this at the operating system level.

Solution:

Use the Microsoft tool: AppLocker. It was introduced in Windows Server 2008 R2 and Windows 7. All newer Windows versions have this feature already implemented. This application allows administrators to control how users can access and use files, such as executable files, scripts, Windows Installer files, and DLLs.

To access Applocker run Local Group Policy Editor (use the key combination 475-2 + R and type in gpedit.msc) and expand: Computer Configuration, Windows Settings, Security Settings, Application Control Polices to get to AppLocker settings branch. Now, if you for example, want to stop users from running some software you would have to create an Executable Rule and then Configure rule enforcement to apply it.

To find out more on AppLocker check out Microsoft's website on that.

475-1
Fig. 1. AppLocker window.