Home
Outlook
maximum size limit in exchange mail server
Blocking Pc's
At the Server, I have taken all rights away from the 2-added clients.
I first blocked the possibility of running exe files completely and then released the programs that could be opened like the Office programs, irfanview etc.
Also CMD can no longer be used.
My serverdomain can therefore no longer be called a rule of law.
Complaints to the management.
Disable or restrict the
use of Windows Installer via Group Policy
gpedit.msc in start search and hit Enter to open the Group Policy Editor.
Navigate to Computer Configurations > Administrative Templates > Windows
Components > Windows Installer. In RHS pane double-click on Disable
Windows Installer. Configure the option as required.
Always install with
elevated privileges
the Group Policy Editor, navigate to User Configuration > Administrative
Templates > Windows Components. Scroll down and click Windows Installer and
configure it to Always install with elevated privileges.
This
setting extends elevated
privileges to all
programs. These privileges are usually reserved for programs that have been
assigned to the user (offered on the desktop), assigned to the computer (installed
automatically), or made available in Add or Remove Programs in Control Panel.
This setting lets users install programs that require access to directories that
the user might not have permission to view or change, including directories on
highly restricted computers.
If
you disable this setting or do not configure it, the system applies the current
user´s permissions when it installs programs that a system administrator does
not distribute or offer.
This
setting appears both in the Computer Configuration and User Configuration
folders. To make this setting effective, you must enable the setting in both
folders.
Skilled
users can take advantage of the permissions this setting grants to change their
privileges and gain permanent access to restricted files and folders. Note that
the User Configuration version of this setting is not guaranteed to be secure.
Don´t
run specified Windows applications
In
the Group Policy Editor, navigate to User Configuration > Administrative
Templates > System
Here
in RHS pane, double click Don´t run specified Windows applications
and in the new window which opens select Enabled. Now Under Options click Show.
In the new windows which opens enter the path of the application you wish to
disallow; in this case : msiexec.exe.
will disallow Windows Installer which is located in C:\Windows\System32\
folder from running.
This
setting only prevents users from running programs that are started by the
Windows Explorer process. It does not prevent users from running programs, such
as Task Manager, that are started by the system process or by other processes.
Also, if you permit users to gain access to the command prompt, cmd.exe,
this setting does not prevent them from starting programs in the command window
that they are not permitted to start by using Windows Explorer. Note: To create
a list of disallowed applications, click Show. In the Show Contents dialog box,
in the Value column, type the application executable name (e.g., msiexec.exe).
Restrict Programs from
being installed via Registry Editor
Open
Registry Editor and navigate to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current
Version\Policies\Explorer\DisallowRun
Create String value with any name, like 1 and set its value to the
program´s EXE file.
For
example, If you want to restrict msiexec,
then create a String value 1 and
set its value to msiexec.exe. If you want to
restrict more programs, then simply create more String values with names 2, 3
and so on and set their values to the program´s exe.
You
may have to restart your computer.
Configure
and allow Windows to run Specified Programs only
In
certain situations, you might want to allow others to run only programs
you specify on your computer. What you need is the Windows Group Policy
Editor (which is available in Professional and above versions of
Windows). To open Group Policy Editor, press the Start button, type gpedit.msc
and press Enter.
Run
only specified Windows Applications
Explore down to User Configuration > Administrative
Templates > System in the left pane.
Now double click Run only specified Windows
Applications.
From the check box, select Enabled. To set the
allowed applications, click Show from under Options.
Now
click right next to the star (*) under Value and enter
the name of the applications which you want to run. For example if you
want to run Firefox, enter firefox.exe.
This
setting will limit the Windows programs that users have permission to
run on the computer. If you enable this setting, users can only run
programs that you add to the List of Allowed Applications.
Do
note that this setting only prevents users from running programs that
are started by the Windows Explorer process. It does not prevent users
from running programs such as Task Manager, which are started by the
system process or by other processes. Also, if users have access to the
command prompt, Cmd.exe, this setting does not prevent them from
starting programs in the command window that they are not permitted to
start by using Windows Explorer.
Incidentally
you might wand to check out Windows
Program Blocker,
a free App or Application blocker software to block software from
running on Windows 8 | 7.
How
to prevent users from installing programs in Windows 7 and how
to prevent Anyone from Uninstalling Metro Applications in Windows 8
may also interest you.
Source
Also read:
-
Windows Program Blocker is a free App or Application blocker software to block software from running