3 Ways to Prevent Users From Installing New Software on Windows 11

Quick Tips

  • App installation can only blocked using policies and not by account type.
  • Admins can block specific app installations  (MSI or Microsoft Store).
  • Using Policy is better than blocking Windows Installer.

Method 1: Turn Off Windows Installer via Group Policy

The Group Policy Editor on Windows lets you make various administrative-level changes. Among several options, there is a dedicated policy to disable Windows Installer, which effectively prevents users from installing new programs and apps.

It’s important to note that Group Policy Editor is only available on Windows Pro, Enterprise, and Education editions. So, if you’re using the Windows 11 Home edition, this method won’t work.

Step 1: Press the Windows key + R to launch the Run dialog box; type gpedit.msc and press Enter.

Step 2: In the Local Group Policy Editor window, use the left pane to navigate to the following folder:

Computer Configuration\Administrative Templates\Windows Components\Windows Installer

Step 3: Double-click the Turn off Windows installer policy on your right.

Step 4: Select Enabled, then choose For non-managed applications only or Always. If you choose the former, the standard user account can install anything an admin has installed on the PC.

Turn off Windows Installer Group Policy

Turn Off Windows Installer on Windows

Step 5: Click the Apply button to save the changes. At this point, it is best to restart the PC.

See more:  How to counter shot in Suicide Squad: Kill the Justice League

Method 2: Turn off Windows Installer via Registry Editor

Like Group Policy, Registry changes can be done to disable or turn off the Windows Installer. However, be sure to backup of registry files or create a restore point before you make any changes.

Step 1: Click the search icon on the Taskbar or press the Windows key + S to open the search menu. Type registry editor in the box and select Run as administrator.

Step 2: Click Yes when the User Account Control (UAC) prompt appears.

Step 3: Paste the following path in the address bar at the top and press Enter to navigate to the DefaultIcon key.

HKEY_LOCAL_MACHINE\Software\Classes\Msi.Package\DefaultIcon

Step 4: Double-click on the Default string value on your right.

Step 5: Paste the following value in the Value data box and hit OK.

C:\Windows\System32\msiexec.exe,1

After completing the above steps, restart your PC for changes to take effect.

Similarly, if you want to unblock program installation at any point, you can follow the same steps above and enter the following value in Step 5.

C:\Windows\System32\msiexec.exe,0

Method 3: Preventing Standard Users from Running Per-user Applications with AppLocker

AppLocker is a feature in Windows that allows admins to block apps they don’t want the users to install. This can be done by selecting from the list of preinstalled apps or using certificates.

When configuring AppLocker, you can configure the following:

  • Executable Rules: Define how Windows handles executable files (files with the .exe extension) on your system.
  • Windows Installer Rules: Apply to software installed using the Windows Installer (MSI files).
  • Packaged app Rules:  This applies to apps installed from the Microsoft Store
See more:  How to Connect To a Custom, Free VPN on Your Mac – Guiding Tech

Step 1: Open the Run prompt (Win + R), type secpol.msc, and press Enter to open the Local Security Policy.

Step 2: Navigate to Security Settings > Application Control Policies > App Locker. You can configure Executable Rules, Windows Installer Rules, and Packaged app Rules here.

Step 3: Right-click on the category that fits and select Create New Rule.

Applocker Local Security Policy

Step 4: Follow the wizard, and you can choose which app a user can install, which can be denied, and so on. You must go through each of them carefully and choose what to pick.

Local Security Policy Windows Installer Rules

Read about AppLocker on the official Microsoft page.

FAQs:

What is an example of an AppLocker rule?

You can allow members of the local administrator’s group to run all apps but restrict the Everyone group to run apps from the Windows Folder or Program Files folder.

Can Applocker be applied to a group of users?

Yes, you can do that. It is best to add all non-admin accounts to a group and then apply the rules, as there is no Standard user group.

Was this helpful?

.happy-face-cls-1{fill:#c9c9c9;}.happy-face-cls-2{fill:#e1e1e1;}.happy-face-cls-3{fill:#676767;}

Yes

.sad-face-cls-1{fill:#c9c9c9;}.sad-face-cls-2{fill:#676767;}.sad-face-cls-3{fill:#e1e1e1;}.sad-face-cls-4{fill:#676767;}

No


Thanks for your feedback!

Categories: How to
Source: thpttranhungdao.edu.vn/en/

Rate this post

Related posts:

  1. How to Follow Someone on LinkedIn on Desktop and Mobile App
  2. Who is Ashley Graham in RE4 Remake? Voice, Age, Fan Art
  3. How to Find “Honest well-wishes beside the spring fairy” in Genshin Impact
  4. Top 7 Ways to Fix OneNote’s Working Offline Error
  5. How to train horses in The Sims 4 Horse Ranch: All horse skills
  6. Iman Gadzhi Age, Height, and Business
  7. Where is Thrumbo in Baldur’s Gate 3? Location and how to find
  8. How to Print Tracked Changes and Comments in Microsoft Word Documents
  9. How To Get US Masters Tickets: How Much Do the Tickets Cost?
See more:  How to Fix Spider-Man Miles Morales Crashing, Not Launching, or Freezing

Leave a Comment