Home 

Outlook maximum size limit in exchange mail server

Blocking Pc's 
At the Server, I have taken all rights away from the 2-added clients.
I first blocked the possibility of running exe files completely and then released the programs that could be opened like the Office programs, irfanview etc.
Also CMD can no longer be used.
My serverdomain can therefore no longer be called a rule of law.
Complaints to the management.

Disable or restrict the use of Windows Installer via Group Policy
 

gpedit.msc in start search and hit Enter to open the Group Policy Editor. Navigate to Computer Configurations > Administrative Templates > Windows Components > Windows Installer. In RHS pane double-click on Disable Windows Installer. Configure the option as required. setting can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. If you enable this setting, you can use the options in the Disable Windows Installer box to establish an installation setting. Never option indicates Windows Installer is fully enabled. Users can install and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional, Windows XP Professional, and Windows Vista when the policy is not configured. For non-managed apps only option permits users to install only those programs that a system administrator assigns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Windows Server 2003 family when the policy is not configured. Always option indicates that Windows Installer is disabled. setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs.

Always install with elevated privileges

the Group Policy Editor, navigate to User Configuration > Administrative Templates > Windows Components. Scroll down and click Windows Installer and configure it to Always install with elevated privileges. setting directs Windows Installer to use system permissions when it installs any program on the system.

This setting extends elevated privileges to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.

If you disable this setting or do not configure it, the system applies the current user´s permissions when it installs programs that a system administrator does not distribute or offer.

This setting appears both in the Computer Configuration and User Configuration folders. To make this setting effective, you must enable the setting in both folders.

Skilled users can take advantage of the permissions this setting grants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this setting is not guaranteed to be secure.

Don´t run specified Windows applications

In the Group Policy Editor, navigate to User Configuration > Administrative Templates > System

Here in RHS pane, double click Don´t run specified Windows applications and in the new window which opens select Enabled. Now Under Options click Show. In the new windows which opens enter the path of the application you wish to disallow; in this case : msiexec.exe.

will disallow Windows Installer which is located in C:\Windows\System32\ folder from running. setting prevents Windows from running the programs you specify in this setting. If you enable this setting, users cannot run programs that you add to the list of disallowed applications.

This setting only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs, such as Task Manager, that are started by the system process or by other processes. Also, if you permit users to gain access to the command prompt, cmd.exe, this setting does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer. Note: To create a list of disallowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., msiexec.exe).

Restrict Programs from being installed via Registry Editor

Open Registry Editor and navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\DisallowRun

Create String value with any name, like 1 and set its value to the program´s EXE file.

For example, If you want to restrict msiexec, then create a String value 1 and set its value to msiexec.exe. If you want to restrict more programs, then simply create more String values with names 2, 3 and so on and set their values to the program´s exe.

You may have to restart your computer.  

Configure and allow Windows to run Specified Programs only

In certain situations, you might want to allow others to run only programs you specify on your computer. What you need is the Windows Group Policy Editor (which is available in Professional and above versions of Windows). To open Group Policy Editor, press the Start button, type gpedit.msc and press Enter.

Run only specified Windows Applications

Explore down to User Configuration > Administrative Templates > System in the left pane.

Now double click Run only specified Windows Applications.  

From the check box, select Enabled. To set the allowed applications, click Show from under Options.

Now click  right next to the star (*) under Value and enter the name of the applications which you want to run. For example if you want to run Firefox, enter firefox.exe.

 

This setting will limit the Windows programs that users have permission to run on the computer. If you enable this setting, users can only run programs that you add to the List of Allowed Applications.

Click OK and you are done. Now the user will only be able to open the programs you specify this way.

Do note that this setting only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt, Cmd.exe, this setting does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer.

Incidentally you might wand to check out Windows Program Blocker, a free App or Application blocker software to block software from running on Windows 8 | 7.

How to prevent users from installing programs in Windows 7  and how to prevent Anyone from Uninstalling Metro Applications in Windows 8  may also interest you.

 

Source

Also read:

  1. Prevent users from running programs in Windows 10/8/7

  2. Run only specified Windows Applications

  3. Windows Program Blocker is a free App or Application blocker software to block software from running

  4. How to block third-party app installations in Windows 10.