Windows 10 went on sale in 2015, but many users already want to install and configure the applications they need to work, despite the fact that some of them have not yet been updated to work flawlessly in this version of the operating system.

How to find out what programs are installed on Windows 10

In addition to the traditional list of programs, which can be viewed by opening the “Programs and Features” item in the “Control Panel,” in Windows 10 you can find out which applications are installed on your computer through the new system interface, which was not present in Windows 7.

Opening a list of programs from the main Windows settings

Unlike previous versions of Windows, you can get to the list of available applications by following the path: “Start” - “Settings” - “System” - “Applications and Features”.

To find out Additional information about the program, click on its name

Calling a list of programs from the search bar

Open the Start menu and start typing “programs,” “uninstall,” or “uninstall programs.” Search bar will return two search results.

In recent Windows versions you can find a program or component by name

“Add or Remove Programs” is the name of this component in Windows XP. Starting with Vista, it changed to Programs and Features. IN later versions Windows Microsoft The program manager was returned to its previous name, as was the “Start” button, which was removed in some builds of Windows 8.

Launch Programs and Features to get directly to the Windows Application Manager.

How to run an incompatible program on Windows 10

Applications for Windows XP/Vista/7 and even 8, which previously worked without problems, in the vast majority of cases do not work in Windows 10. Do the following:

1. Select the "problematic" application right click mouse, click “Advanced” and then “Run as administrator”. There is also a simpler launch - through the context menu of the application launch file icon, and not just from the program shortcut menu in the Windows main menu.

   Administrator rights will allow you to apply all application settings

2. If the method helps, make sure that the application always runs with administrator rights. To do this, in the properties, in the “Compatibility” tab, check the box next to “Run this program as an administrator.”

   Check the box next to “Run this program as an administrator”

3. Also, in the “Compatibility” tab, click on “Run the compatibility troubleshooter.” The Compatibility Troubleshooter will open. Windows programs. If you know which version of Windows the program was launched in, then in the “Run the program in compatibility mode for” sub-item, select the desired one from the list of OSes.

   The Windows 10 Windows 10 Troubleshooting Wizard offers: additional settings compatibility

4. If your program is not in the list, select "Not in the list". This is done when launching portable versions of programs transferred to Windows normal by copying to the Program Files folder and working directly without a standard installation.

   Select your application from the list or leave the option “Not in the list”

5. Choose how to diagnose an application that stubbornly refuses to work despite your previous attempts run it.

   To manually specify the compatibility mode, select “Program Diagnostics”

6. If you have chosen standard method check, Windows will ask you which versions of the program worked well with.

   Information about the version of Windows in which it was launched required program, will be submitted to Microsoft to solve the problem associated with the inability to open it in Windows 10

7. Even if you chose a non-affirmative answer, Windows 10 will check information about working with this application on the Internet and try to launch it again. You can then close the Program Compatibility Assistant.

If all attempts to launch the application completely fail, it makes sense to update it or change it to an analogue one - rarely, but it happens that during the development of the program, comprehensive support for all future versions of Windows was not implemented at one time. Thus, a positive example is the Beeline GPRS Explorer application, released in 2006. It works with both Windows 2000 and Windows 8. And the negative is the drivers for the HP LaserJet 1010 printer and HP ScanJet scanner: these devices were sold in 2005, when nothing was known about Windows Vista Microsoft didn't even mention it.

The following can also help with compatibility issues:

• decompiling or parsing the installation source into components using special programs(which may not always be legal) and installing/running them separately;
• installing additional DLLs or system files INI and SYS, the lack of which the system may report;
• processing parts of the source code or working version(the program is installed, but does not work) so that the stubborn application still runs on Windows 10. But this is a task for developers or hackers, and not for the average user.

Video: Working with the Program Compatibility Wizard in Windows 10

How to assign priority to an application in Windows 10

Any program corresponds to a specific process (several processes or copies of one process, launched with different parameters). Each process in Windows is divided into threads, and those, in turn, are further “layered” into descriptors. If there were no processes, neither would work operating system, nor third-party programs that you are used to using. Prioritization certain processes will allow you to speed up programs on old hardware, without which fast and efficient work is impossible.

You can assign priority to an application in the Task Manager:

Do not experiment with low priority for vital processes of Windows itself (for example, Superfetch service processes). The Windows system may begin to malfunction.

You can also set the priority using third-party applications, for example, using CacheMan, Process Explorer and many other similar manager applications.

To quickly manage the performance of programs, you need to figure out which process is responsible for what. Thanks to this, in less than a minute, you will sort the most important processes by their priority and assign them the maximum value.

Video: How to give an application the highest priority in Windows 10

How to install a program into startup on Windows 10

Most quick way enable program autostart when Windows startup 10 - through the already familiar “Task Manager”. IN previous versions Windows did not have this feature.

Autostart large quantity applications after starting a new Windows session - wasteful system resources PC, which should be sharply limited. The remaining methods - editing the system “Startup” folder, setting the autorun function in each application (if such a setting exists) are classic, “migrated” to Windows 10 from Windows 9x/2000.

Video: enabling application autostart through the registry and Task Scheduler

How to prevent installation of programs in Windows 10

In previous versions of Windows, for example, Vista, it was enough to prohibit the launch of any new applications, including installation sources such as setup.exe. Parental controls also remained, which did not allow running programs and games from disks (or other media) or downloading them from the Internet.

The installation source is the installation batch files.msi packaged into one .exe file. Even though the installation files are uninstalled programs, they are still executable files.

Prohibiting the launch of third-party programs

In this case, the launch of any third-party .exe files, including installation files, except those obtained from the Microsoft application store, is ignored.

Now launching .exe files downloaded from any other sites and received through any drives and software local network, will be rejected regardless of whether they are ready-made programs or installation sources.

Video: How to allow apps from the Windows Store only

Blocking all programs by setting Windows Security Policy

To prohibit the downloading of programs through the Local Security Policy setting, you need an administrator account, which can be enabled by entering the command “net user Administrator /active:yes” in the Command Prompt.

1. Open the Run window by pressing Win + R and enter the command “secpol.msc”.

   Click "OK" to confirm your entry

2. Click on "Policies" limited use programs" with the right mouse button and select context menu“Create a software restriction policy.”

   Select Create Software Restriction Policy to create a new setting

3. Go to the created entry, right-click on “Application” and select “Properties”.

   To configure rights, you need to go to the properties of the “Application” item

4. Set limits for ordinary users. The administrator should not restrict these rights, as he may need to change settings - otherwise he will not be able to run third-party programs.

   There is no need to restrict administrator rights

5. Right-click on “Assigned File Types” and select “Properties”.

   In the “Assigned file types” item, you can check whether there is a ban on running installation files

6. Make sure the .exe extension is in the prohibited list. If not, add it.

   Save by clicking "OK"

7. Go to the "Security Levels" section and enable the ban by setting the level to "Prohibited".

   Confirm the request to change the setting

8. Close all unclosed ones dialog boxes by clicking “OK” and restart Windows.

If everything is done correctly, the first launch of any .exe file will be rejected.

Execution of the installer file was rejected by the security policy you changed

Changing the location where downloaded applications are automatically saved in Windows 10

When drive C is full, there is little space on it due to the abundance of third-party applications and personal documents that you have not yet transferred to other media, it is worth changing the location automatic saving applications.

1. Open the Start menu and select Settings.
2. Select the System component.

   Select "System"

3. Go to the "Storage".

   Select the “Storage” subsection

4. Follow the steps below for information about saving locations.

   Browse the entire list for the drive label for applications

5. Find the new application installation control and change the C drive to something else.
6. Close all windows and restart Windows 10.

Now all new applications will create folders not on the C drive. If necessary, you can transfer old ones without reinstalling Windows 10.

Video: How to change where downloaded applications are saved in Windows 10

How to remove already installed programs in Windows 10

In previous versions of Windows, you could remove programs by going to Start - Control Panel - Add or Remove Programs or Programs and Features. This method is still correct to this day, but along with it there is another one - through new interface Windows 10

Classic Windows application removal scheme

Use the most popular method - through the Windows 10 Control Panel:

Windows Installer often asks for confirmation to remove the selected program. In other cases - it depends on the developer of the third-party application - the request message may be in English, despite the Russian-language interface of the Windows version (or in another language, for example, Chinese, if the application did not have at least an English interface, for example, the original iTools program) , or not appear at all. In the latter case, the application will be deleted immediately.

To remove a program via new Windows interface 10 Open Start, select Settings, double-click System and click Apps and Features. Right-click on the unwanted program and remove it.

Select the application, right-click on it and select “Delete” from the context menu

Removal usually occurs safely and completely, excluding changes to system libraries or drivers in Windows folder, shared files Program Files or Program Data folders. In case of fatal problems, use installation media Windows 10 or built in Windows wizard"System Restore".

Video: Uninstalling programs in Windows 10 using standard and third-party utilities

Why Windows 10 blocks installation of programs

Microsoft's software installation block was created in response to numerous complaints related to previous versions of Windows. Millions of users remember SMS ransomware in Windows XP, disguised as system process explorer.exe in Windows Vista and Windows 7, “keyloggers” and other nasty things that lead to freezing or blocking of the “Control Panel” and “Task Manager”.

Windows 10 refuses to install uTorrent because the author or developer could not be verified

Ways to disable protection against unverified programs

This protection can and should be disabled when you are confident in the security of the program.

It is based on the UAC component, which monitors accounts and digital signatures of installed programs. Anonymization (removing signatures, certificates and licenses from a program) is often a criminal offense. Fortunately, protection can be temporarily disabled from Windows settings itself without resorting to dangerous actions.

Changing the Account Control Level

Do the following:

Launching application installation from the Command Line

If you still cannot start the installation of the program you like, use the “Command Line”:

Most likely, your problem will be solved.

Why do programs take so long to install on Windows 10?

There are many reasons, as well as ways to solve problems:

1. Problems with compatibility of older applications with the OS. The Windows 10 system appeared only a couple of years ago - not all well-known publishers and “small” authors have released versions for it. More may be required earlier versions Windows in the properties of the program launch file (.exe), regardless of whether it is an installation source or an already installed application.
2. The program is an installer-downloader that downloads batch files from the developers' website, and is not a fully ready-to-use offline installer. These are, for example, the Microsoft.Net Framework engine, Skype, Adobe Reader latest versions, updates and Windows fixes. In case of exhaustion high-speed traffic or network congestion during rush hour with a low-speed provider tariff chosen for the sake of economy, downloading the installation package may take hours.
3. Unreliable LAN connection when installing one application over several similar computers on a local network with the same Windows build 10.
4. Storage media (disk, flash drive, external storage) worn out, damaged. Files take too long to read. The biggest problem is the incomplete installation. An under-installed program may not work and may not be removed after a stuck installation - it is possible to roll back/reinstall Windows 10 from installation flash drive or DVD.

   One of the reasons for a long program installation may be damaged media.

5. The installer file (archive.rar or.zip) is incomplete ("Unexpected end of archive" message when unpacking the installer.exe before running it) or damaged. Download a newer version from another site that you find.

   If the archive with the installer is damaged, you will not be able to install the application.

6. Errors and shortcomings of the developer in the process of “coding”, debugging the program before publishing it. The installation starts but freezes or moves forward very slowly, consumes a lot of hardware resources, uses unnecessary processes Windows.
7. Drivers or updates from Microsoft Update are required for the program to function. Windows Installer automatically launches a wizard or console to download missing updates to background. It is recommended to disable services and components that search for and download updates from Microsoft servers.
8. Virus activity in the Windows system (any Trojans). An “infected” program installer that caused chaos in the process Windows Installer(clones of the process in the “Task Manager”, overloading the processor and RAM PC) and its service of the same name. Not download programs from unverified sources.

   Clones of processes in the “Task Manager” overload the processor and “eat up” the computer’s RAM

9. Unexpected failure (wear, failure) of internal or external drive(flash drives, memory cards) from which the application was installed. A very rare case.
10. Unreliable connection between the PC USB port and any of the drives from which the installation was carried out, downgrade USB speed up to standard USB versions 1.2 when Windows system displays the message: "This device may work faster if connected to a high-speed USB port 2.0/3.0". Check the port operation with other drives, connect your drive to another USB port.

    Connect your drive to a different USB port to resolve the “This device may perform faster” error.

11. The program downloads and installs other components that you forgot to exclude in your haste. Yes, application Punto Switcher offered “Yandex.Browser”, “Yandex Elements” and other software from its developer Yandex LLC. The Mail.Ru Agent application could download the Amigo.Mail.Ru browser, the [email protected] informer, the My World application, etc. There are many similar examples. Every promoted developer strives to impose the maximum of his projects on people. They receive money for installations and conversions, and there are millions of users, so impressive amounts for installing applications grow.

    When installing programs, you should uncheck the boxes next to the settings that suggest installing components you don’t need.

12. The game you like is multi-gigabyte and single-player. Although game manufacturers make them online (this will always be fashionable, such games are most in demand), and scripts are loaded over the network, there is still a chance to come across a work in which there are dozens of local levels and episodes. And graphics, sound and design take up a lot of space, therefore installing such a game can take half an hour or an hour, no matter what the version of Windows is, no matter what performance capabilities it conceals: the speed of the internal disk - hundreds of megabits per second - is always strictly limited . These are, for example, Call of Duty 3/4, GTA5 and the like.
13. Many applications are running both in the background and with windows open. Close the extra ones. Clean the list of startup programs from unnecessary ones using the “Task Manager”, the system folder “Startup” or third party applications, created to optimize performance (for example, CCleaner, Auslogics Boost Speed). Remove unused programs(see instructions above). Applications that you still do not want to delete can be configured (each of them) so that they do not start on their own - each program has its own additional settings.

    CCleaner will help you remove all unnecessary programs from Startup.

14. Windows has been working for a long time without reinstallation. A lot of system garbage and unnecessary personal files that are of no value have accumulated on drive C. Perform a disk scan, cleaning the disk and Windows registry from unnecessary junk from already deleted programs. If you use classic hard disks, then defragment their partitions. Get rid of unnecessary files that may be filling your disk. In general, put things in order in the system and on the disk.

    To get rid of system junk, perform a disk scan and cleanup

Managing programs in Windows 10 is no more difficult than in previous versions of Windows. Apart from the new menus and window designs, everything is done almost the same as before.

Feb 11 2012

Limiting Application Usage in Windows 7

1. Disable or restrict the use of Windows Installer using Group Policy.

Windows Installer(msiexec.exe), is an installation, maintenance and removal tool software Windows systems.

In order to prohibit the installation of applications for all users, open the Group Policy editor (gpedit.msc) and open the section Computer Configuration - Administrative Templates - Windows components(Windows Components) – Windows Installer. On the right side of the Settings window, select the line Disable Windows Installer and double-click on it. Meaning Disable– disables the ability to install programs, value Enable turns it on. Everything is simple here.

You can prohibit the installation of applications for a specific user (account) by creating the appropriate snap-in. To do this, open the console mmc(from the Start menu - Search) and from the File menu, select Add Snap-in. A list of all available system components will open. Select Group Police ( Group policies), click the right arrow to add, and then click the Browse button. Select the Users tab, the desired account and click OK, and then Finish.

After this, repeat the steps I described above, only now the ban on installing programs will apply only to the selected user.

2) Always install with elevated privileges.

In the Group Policy Editor, go to User Configuration - Administrative Templates - Windows Components. Scroll down and select Windows Installer and Allwaus install with elevated privileges(Always install with elevated privileges).

This setting instructs Windows Installer to use system permissions when installing any program on the system.

This setting applies to elevated privileges for all programs. These privileges are typically reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or available in Add or Remove Programs in Control Panel. This setting allows users to install programs that require access to directories that the user may not have permission to view or change.

Note: If you disable this option or do not configure it, the system will enforce permissions current user(or administrator) when installing programs, i.e. with normal rights. This setting appears in the Group Policy Editor in both Computer Configuration and User Configuration. For this setting to take effect, it must be set in both sections.

3) Do not run the specified Windows applications.

In the Group Policy Editor, go to User Configuration - Administrative Templates - System.

Here in the sidebar on the right, double click Do not run specified Windows applications (Do not run specified Windows applications), and in the new window that opens, select Included. Now under Options select the command Show(Show). Click Add and in the new window enter the path that opens the application you want to block in in this case: msiexec.exe.

This will prohibit Windows operation Installer, which is located in C:\Windows\System32\msiexec.exe.

When this setting is enabled, users can't run programs that you add to the blocked apps list.

Note: If users have command line access (cmd.exe), this setting does not prevent them from launching programs in a command prompt window.

Almost every setting in Windows OS, in addition to Group Policies, is duplicated in the system registry editor. But not many people know that there is an online service MSDN on the network, which contains a structured reference Information about setting up huge amount Windows functions through system registry. It is convenient to use, you just need to know English. In addition, there is also a similar guide in Excel document format that you can download.

First make a backup of the registry branch below, or create a restore point.

Open Registry Editor ( regedit.exe) and go to the next section:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\DisallowRun

Create in section DisallowRun a string parameter named 1 and set its value to the name of the program's EXE file.

Note: if section DisallowRun is missing, create it.

For example, if you want to limit msiexec, create a string parameter 1 and set its value to msiexec.exe. If you want to limit more programs, then simply create more string parameters named 2, 3 and so on, and set their values ​​in the EXE program. Restart your computer.

In Control Panel, open the User Accounts – Manage Other applet account. Select the desired user account and set Parental Controls for it:

In the next window, enable Parental Controls and Program Launch Restrictions:

After building the list, select those programs that the user is allowed to run. If the program you need is not in the list, you can add it manually by clicking the Browse button.

Click OK.

Note: There are some conditions for allowing/blocking applications from running using Parental Controls. First, the user account for which you are introducing restrictions must be with Ordinary rights. Secondly, setting up Parental Controls must be done from an account that has the rights Administrator, which is obvious. And thirdly, the Administrator account must be password protected.

OK it's all over Now. I wish you success in applying the tips I talked about in this article.

Instructions

To set up restrictions, you will need administrator rights. Call command line using the Win+R combination and enter the command secpol.msc. The snap-in window will open. Local options security."

Expand Software Restriction Policies. In the "Object Type" section double click Expand the “Assigned file types” item. The properties window lists the file types that will be considered executable code.

You need to remove from this list programs that may be installed by other users. For example, if one of them works with Excel tables or Access databases, select these items in the list and click “Delete”. Also remove LNK – “Shortcut”. Click OK to confirm.

Double-click to expand the “Enforce” item and move the “Enforce restricted use policies...” switch to the “For everyone except local administrators” position. Expand the Security Levels folder and double-click to expand Unrestricted. Click "Default" and OK to confirm.

Expand the Security Levels folder and double-click to expand Unrestricted. Click "Default" and OK to confirm.

Now other users will be able to run only programs installed by you or the system. By default they are located in the Program Files and SystemRoot folders. If some programs are in other sections, they need to be added to the list of allowed ones.

Expand the “Advanced Rules” snap-in and in the “Name” section, right-click on an empty space. Select the “Create path rule” command and specify the path to the folder where the allowed programs are located.

To prevent users from copying prohibited software into these folders, set permissions on them. Right-click on the folder shortcut and select " General access and safety." In the “Security” tab, set permissions for each user group.

Click "Advanced" and go to the "Permissions" tab. Select a user group, click the “Edit” button and in the new window, select the checkboxes for the actions that are allowed or denied for this group.

Sources:

• how to prevent programs from being installed

If someone elusive constantly litters HDD unnecessary programs that load the system, it is not at all necessary to ambush it. By configuring Windows in a certain way, you can prevent the installation of programs as such.

Instructions

Press the Win+R key combination. A Run dialog box will appear, in which type gpedit.msc and click Enter key. The Local Group Policy Editor will open.

In the left part of the window, open the “Computer Configuration” directory > “ Windows Configuration» > Security Settings > Software Restriction Policies. If you haven't assigned these policies before, click Action > Create Software Restriction Policy. On the right side of the window, right-click on the newly created “Assigned file types” parameter and select “Properties”. Scroll through the "Designated File Types" list to look for MSI and EXE formats. If one of them is missing, add it using the “Extension” input field and the “Add” button at the bottom of this window. For the changes to take effect, click the Apply button and then OK, or immediately the OK button if no changes have been made.

On the left side of the window, select “Security Levels”, and on the right side, right-click on the “Prohibited” option and in the menu that appears, click the “Default” button. In the new window, click on the “Yes” button. Now the system will prohibit the launch of all applications (including EXE and MSI installers) that are in the “Assigned file types” list. The next two steps in the instructions describe steps to block access to the Local Group Policy Editor.

Activate your guest account. To do this, click the Start button > Control Panel. Next, there are two options: if the control panel is displayed by icons, select User Accounts > Manage another account, and if by categories, find

Hello, friends! I decided to open the section with this article, since the topic raised in it is now very relevant. We will talk about Mail.ru and other companies that play unfairly against their users. Well, and of course, about AppLocker itself, as a means of combating installation and launch unwanted programs.

There have long been unflattering reviews and opinions about the Mail.ru group of companies about their aggressive and dishonest marketing not only in relation to competitors, but also, first of all, in relation to the users themselves. And the fact, published on the tenth of March of this year, simply finally convinced me to write this article.

Blame it all on the damned oneGuard And Downloader from Mail.ru /as well as the Amigo browser/ . The thing is that these supposedly “useful” (according to the developers) programs behave in no other way than malicious objects. I'll tell you briefly. For example, you decided to install a mail agent for yourself. You download, install, and then the most interesting thing happens - in addition to the agent itself, a bunch of other gadgets are installed on your favorite computer: satellite, toolbar, guard, amigo, etc. According to representatives of mail.ru, if you uncheck these programs when installing the main program, they will not be installed. But in reality this is not always the case. Evidence of this is the great many angry remarks, comments and reviews on this matter.

But the main “trump card” of mail.ru is GuardMailRu (supposedly the Defender). In fairness, it is worth noting that it, of course, protects against unauthorized changes to the browser start page, for example, or from unauthorized changes search engine. But that's the rub. Almost without the user’s knowledge, it sets the start page (guess which one?), and protects it from changing it. Same with default search. And not only protects, but also deletes everything previously installed modules from Yandex, Rambler, etc.

It would seem, and to hell with it, it’s a useful function (on the one hand). But the fact is that when Guard is removed, it magically returns again. And that’s it – your start page forever Mail.ru =)

Who is even a little familiar with information security You’ve probably already seen the malicious nature of all these actions, characteristic of viruses and Trojans. For example:

• installation without the user's knowledge;
• changing user settings without the owner’s knowledge;
• uninstalling third-party applications;
• no deletion option standard means operating system.

But even that's not all! The best is yet to come.

As it turned out, mail.ru has another “application” - Downloader. And this is already, in my opinion, real scam from this company. Look, for example, an Internet user is walking around various resources on the Internet, looking for necessary information, and then - bam - a notification pops up that you need to update Mozilla, Chrome, Internet Explorer, etc., and it all looks quite official. BUT! Downloading in progress not from the official website, but from mail.ru partner sites, and, of course, it is not the update that is downloaded, but the “Internet Browser” (well, they came up with the name =)) /now this is Amigo Browser/ all from the same Mail.ru! Naturally with its own toolbar and other unnecessary “nasty”, such as [email protected].

There are already a lot of them circulating online different pictures and memes about this. Like this one:

You may ask, why don’t antiviruses block or swear? Here's why (and this is even more shocking). It turns out that all these pseudo-updates signed by a real and legitimate digital signature Mail.Ru! Therefore, antivirus software, seeing this signature, quite naturally trusts the downloaded and running application.

And now tell me, isn’t this a scam? Not deceiving users? Isn't it misleading?

“We weren’t the first to start this” (c)

This is how an employee of Mail.ru, who is directly related to the development of the downloader, responded on an authoritative Internet portal to numerous claims and real facts based on an analysis of the code and behavior of this “Downloader”, which allow us to boldly state: Downloader from Mail.ru is nothing more than a Trojan!

The company somehow needs to monetize its projects. So they decided to follow the path" affiliate programs" - offer various resources a way to earn money through this very “loader”.

These are the pies, friends. You can read more about all this on various online resources, such as Habr. Well, let's move on to practice.

But first, in fairness, it is worth noting that such aggressive marketing was not really invented by mail.ru. Yandex, for example, also has its own “Defender”. Various services such as AOL, Ask.com, ICQ, etc. also use installation of their toolbars or programs in third party software, and they have been doing this for a long time. But what lengths did Mail.ru go to, openly deceiving users with false updates? third party programs– this, of course, is nonsense.

So let's fight this with AppLocker!

Most users who actively use the Internet understand perfectly well what UAC (User Account Control), administrator rights, etc. are, and also know and understand that when installing any software, you cannot blindly click on the “next” button, but you need to carefully review everything, uncheck unnecessary boxes, etc. But, after all, we all have friends, relatives, parents, clients, finally, who don’t even know about such things.

And, in order to protect them from such misfortunes, we will use local politics security And . I’ll say right away that this only works on Windows 7 operating systems (Ultimate and Enterprise). I can’t say anything about Windows 8; I haven’t tested it.

This technique is unlikely to be suitable for those who regularly install software and games on their computers, because... it quite strongly limits the user's actions. In many cases, it is much more comfortable to use, which copes with its tasks perfectly and does not cause any inconvenience.

First we will need to create XML file(if you don’t want to bother creating it, you can download it). To do this, copy this code. The code has been temporarily removed due to display issues. Download the finished xml file.

Then open standard notepad(but it’s better to use Notepad++) and paste the copied code into it. Next, click: File - Save As...

The file must be saved in UTF-8 encoding, otherwise an error will occur when importing rules. The encoding (in Notepad) is changed in the drop-down menu next to the "Save" button

We enter an arbitrary name (for example, blockmailru.xml) and save it to any place convenient for us, for example, to the desktop. That's it, the file is ready.

Now you need to start the service and install for it auto mode startup, otherwise AppLocker will not work. To start this service, open: Control Panel – Administrative Tools – Services:

Double-click on “Application Identity” and the properties window for this service will open. Now you need to start this service and enable it automatic type launch. Click run:

Don't forget to click on "OK" =)

If you already have the service running, be sure to enable the automatic startup type for it, as shown in the figure above. By default, the startup type of this service is set to Manual.

That's it, we're done with services for today. Now you need to import the previously created list (which we tentatively called blockmailru.xml) into AppLocker. To do this, open again: Control Panel – Administration – Local Security Policy. Looking for: Application control policies - AppLocker:

Right-click on "AppLocker" and select "Import policy...". After which, in the window that opens, you need to point to the created blockmailru.xml file and open it. The system will prompt you to change the policy and notify you that all previous policy rules will be replaced. We agree. All. The main part of the work has been completed. In "Executable Rules" you will see the following picture:

The same picture will appear in the "Windows Installer Rules" section.

As you can see in the screenshot, the rules have the following item: Allow – All – D:\Portable Soft\*. This rule states the following: Allowed to run by any user and any program from the Portable Soft folder located in the root of drive D. This (rule) is required to run portable programs(i.e. those that run without installation). Or, for example, to allow the installation of those programs whose installers you place in this folder.

You also need to enable such a rule. This is done very simply. Create a folder where it is more convenient for you (at least on your desktop). Name it something (like "Portable") and place all the portable programs and installers that you trust in it. Next, open it again (if closed): Control Panel - Administration - Local Security Policy - Application Control Policies - AppLocker. On “Executable rules”, right-click and select “Create a new rule...”. Everything is simple there: click “next”, then “next”, then check the “Path” box, “next” again and “Browse folders”. A window will open in which you will need to specify the same folder and again “next”, “next”, and at the final stage “create”. The rule has been created. In fact, everything is simpler than that. In addition, when creating or editing such rules, you can specify exceptions, allow or block paths (folders), publishers, etc.

The same needs to be done for programs that are installed not in Program Files, but, for example, in C:\Users\username\AppData\Local\Apps\. In general, if after making the settings some program does not start for you, add its location to the rules. Similar to how we added permissions for the "Portable" folder

Let us now finally understand what we have achieved with all these manipulations and what is now forbidden to us and what is allowed:

• launch and installation blocking any programs from publishers such as: CNET, AOL, SweetIM, Uniblue, ASK, Mail, Messenger Plus, Hamster, Mediaget, Reg Organaizer. All these publishers have been convicted of dishonest practices ( hidden installation and so on.). The list can be supplemented and edited independently;
• Allowed to run all programs that are located in Program Files, Windows and in the folder (directory) that we added ourselves;
• Allowed to run any programs by a local administrator (i.e., administrator account)
• Allows execution of digitally signed Windows Installer files (.msi files);
• Allowed execution of digitally signed Windows Installer files located in the Installer directory (in the Windows folder);
• Allowed to run any installer files Windows local administrator (i.e. administrator account).

Thus, no Guards, “defenders”, left browsers from mail.ru, from Yandex, satellites, Yandex bars and other unnecessary rubbish will no longer appear on your computer or on the computer of your loved ones and friends. All programs from the specified publishers will no longer penetrate a computer on which these rules apply; they will simply be blocked.

When installing any software always keep an eye on the checkboxes, watch carefully so as not to install third-party software.

And remember one of the main rules - download software ONLY from official sites.

If you have any questions regarding this instruction, feel free to ask them in the comments or via .

See you soon!

There are several ways to prevent the installation of programs on Windows 7, which will now be discussed. Why is this necessary? For example, if you are not the only one using a computer and strangers constantly install unnecessary software or games. Also, this ban can protect Windows 7 from imposed software that you do not need. There are also many other reasons.

Prevent installation of applications using the Group Policy Editor

In order to prohibit the installation of applications, you need to open the editor group settings– gpedit.msc. This can be done like this: open the Start menu - click on the “Run ...” button - write gpedit.msc there. After this, the window we need will open; in this window we will need the “Administrative Templates” section.

Click on “Windows Components”, then scroll down and find the folder “”. When it opens, there will be commands under the “Status” line, we need “Disable Windows Installer”. You need to click on it 2 times, and when the window appears, select the “Disable” function, which accordingly prohibits the installation of programs. The Enable function overrides this prohibition.

How to prevent a specific user from installing applications on Windows 7

Prohibiting the installation of software for a specific user on Windows 7 requires the creation of an appropriate snap-in. You need to enter the mmc console (start menu - “Run ...”), then in the console click on the “File” tab and click on “Add or remove snap-in ...”

The corresponding panel will open.

In this panel, select the “Group Policies” snap-in, and then click on the arrow. A window will appear, in it you need to click the “Browse” button, select the “Users” tab, then select the desired user who you want to block from installing Windows 7 programs. Confirm the transaction, and you’re done.

Then you need to repeat all the steps described above (see “Banning installation using the Policy Editor”, but banning software installation in Windows 7 will now only affect the specified selected user.

Prevent installation of programs using parental controls (Windows 7)

This method is much simpler, judging by the number of transactions, and it is applicable in cases where the person sitting at the PC installs too much garbage.

To prevent programs from being installed using parental controls, you need the following (works only on Windows 7):

Login to the panel Windows management 7 through the Start menu, and click on the “Manage User Accounts” tab

Click on the “Parental Control” button

We select the user whom we want to prohibit from installing programs.

We need "Restrictions on"

We just click on the tab, after which a console opens in front of us, where we put a checkmark:

Windows 7 automatically finds programs that you can block. If the right application will not be found (i.e. it will not be in the list), then you can find them yourself through the “Browse” button and block them.

Prevent installation of programs using the registry (Windows 7)

Here we need to click on the “Run…” tab through the Start menu and enter next command– regedit.exe. A window will open in front of us in which we will need to follow this path exactly to get to the goal:

HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\DisallowRun

Then, in the “DisallowRun” item, create a text parameter called 1 and add to it the name of the application’s executive file with the extension .exe.

For example, if you need to block msiexec, then you just need to create text parameter 1 and initialize it with the line “msiexec.exe” If you want to block more apps, then accordingly it will be necessary to make additional text parameters with names 2, 3, 4 and so on, and then assign them the names of the application EXE files and you're done.

After this, you only need to restart your computer.