How to block App Installation on Windows PCs

Configurare noua (How To)

Situatie

Why Block Installing Apps on Windows?

Every user could have their own conditions and use cases. However, the general reasons to block installing new apps or programs may include:

  • You don’t want your children to install new apps when using your computer.
  • You don’t want your employees to install external apps or programs on their work PCs.
  • Your Windows machine already has what it needs, and allowing the installation of new apps may risk your security.
  • You may do this to block the potential malicious Windows apps from being installed from any source.

Solutie

Pasi de urmat
Creating a Standard Account
  1. The first step is to access the “User Accounts” settings page, and the easiest way to do so is to press Win+R to launch the Run app, then type netplwiz and press Enter.
  2. After the User Accounts window opens, click the “Add” button and select the “Sign in without a Microsoft account” option because creating a local account is more manageable and makes more sense in our situation.
  3. A confirmation window will appear. Proceed by clicking the “Local Account” option.
  4. Now, you need to set the name, the password, and the password hint. Note that you (or the concerned person) will need this to log in to the new account. After adding the information, click “Finish.”
  5. Back in the User Accounts settings, you’ll see the newly created user. Click it to select it, then click the “Properties” icon. Finally, make sure that the user is a standard user.
  6. After you restart your PC, you can log in to this new account. Alternatively, open the start menu and click on your photo to see the option to switch the user on Windows without restarting or signing out. Later, if the user tries to install a new app, they’ll be obligated to provide the administrator PIN code, which is typically your user password.
Limiting Apps Installs to Microsoft Store
  1. Open the Settings app by pressing Win+i or normally navigating to it, then go to the “Apps” section and select “Advanced App Settings.
  2. Through the “Choose Where to Get Apps From” drop-down menu, select “The Microsoft Store Only.”
  3. To prevent this option from being altered later, you’ll need to modify the Group Policy Editor, which is available only for the Pro versions of Windows. To continue, launch the Group Policy Editor by searching for it through Windows Search (or by pressing Win+R and typing “gpedit.msc”) and navigate to the following path:
    • Computer Configuration\Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer
    • Double-click the “Configure App Install Control” policy and select “Enabled.” Then, select “Allow Apps from Store Only” through the “Options” drop-down menu. Finally, click “Apply” and “OK.”
  4. Restart your PC for the changes to take effect. If you return to the “Advanced App Settings” page, you’ll see that the option is now grayed out and can’t be changed. Of course, if you need to re-enable it, you’ll need to undo the group policy edit you’ve just made.
Block Installing Executables Through Group Policy Editor
  1. Launch the Group Policy Editor and navigate to the following path. You’ll notice it’s very close to the one we navigated to in the aforementioned method.
  2. Computer Configuration\Administrative Templates\Windows Components\Windows Installer
  3. Just double-click the “Turn Off Windows Installer ” setting and choose “Enabled,” then set it to “Always.” Finally, click “Apply” and/or “OK.
  4. After doing this, you’ll see the message “The system administrator has set policies to prevent this installation” when you try to install any MSI executable. You need to restart your device for the changes to take effect.
  5. From the same “Windows Installer” folder you’re in, you can double-click the policy “Allow User Control Over Installs.” and choose “Disabled.” This will also prevent users from running installation files.
  6. As mentioned above, Group Policy Editor is only available for the Pro versions of Windows. Alternatively, you can apply the same rule through the Registry Editor. Start by launching the Registry Editor by pressing Win+R, then type regedit and press Enter. Always remember to back up the registry before modifying it.
  7. Then, navigate to the following path (or copy and paste it).
    • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package
  8. Finally, double-click the “Default” key, change the value data to
    • C:\Windows\System32\msiexec.exe,1
  9. After that, restart your PC.

Tip solutie

Permanent

Voteaza

Up Down
(4 din 9 persoane apreciaza acest articol)
Share
Tweet
Share

Despre Autor

Leave A Comment?