You can strict users from running programs in Windows using Program Blocker or AskAdmin freeware tools. But, if you want to restrict users from installing as well as running programs in Windows 10/8/7/Vista / XP / 2000 & Windows Server; you can do so by changing certain Group Policy settings that can control the behavior of the Windows Installer, prevent certain programs from running or restrict it via the Registry Editor.
How to disable or restrict the Windows Installer in Win 10 via Group Policy?
To turn off or restrict the Windows Installer in Windows 10 using Group Policy, follow these easy steps:-
Step 1. Click on the Start button and type gpedit.msc on search.
Step 2. Click on gpedit.msc from search to open the Group Policy Editor.
Step 3. Navigate to the following:-
Computer Configurations > Administrative templates > Windows Components > Windows Installer.
Step 4. From the right-hand side pane, double-click on “Turn off Windows Installer.”
“This policy setting restricts the use of Windows Installer. If you enable this policy setting, you can prevent users from installing software on their systems or permit users to install only those programs offered by a system administrator. You can use the options in the Disable Windows Installer box to establish an installation setting. This setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs.”
Step 5. Click Enabled, Apply, and then OK.
To make Windows 10 non-secured, you can configure the “Always install with elevated privileges.”
In the Group Policy Editor, navigate to the following:-
User Configuration > Administrative Templates > Windows Components. Double-click and configure “Always install with elevated privileges.”
“This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.
If you enable this policy setting, privileges are extended to all programs. These privileges are usually reserved for programs that have been assigned to the user (offered on the desktop), assigned to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or change, including directories on highly restricted computers.
If you disable or do not configure this policy setting, the system applies for the current user’s permissions when it installs programs that a system administrator does not distribute or offer.”
Disallow certain Windows applications
In the Group Policy Editor, navigate to the following:-
User Configuration > Administrative Templates > System. From the right-hand side pane, double-click on “Don’t run specified Windows applications.” Please enable it, and under Options, click Show. Enter the path of the application you wish to disallow; in my case: rstrui.exe.
This will disallow Windows Installer, which is located in C:\Windows\System32\ folder, from running.
Restricting any Program from being installed via Registry Editor
Step 1. Open the Registry Editor by typing regedit.msc in search of Windows 10.
Step 2. Navigate to the following registry key:-
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\DisallowRun
Step 3. Create a new String value with any name, e.g., 1, and set its value to the program’s EXE file.
Suppose you want to restrict rstrui.exe, create a String value 1, and set its value to rstrui.exe. If you want to restrict more programs, create more String values with names 2, 3, and so on, and set their values to the program’s exe.
Conclusion
In conclusion, restricting users from running or installing programs in Windows can be achieved through various methods such as using Program Blocker or AskAdmin freeware tools. However, if you want to restrict both program installation and execution in Windows 10/8/7/Vista/XP/2000 and Windows Server, you can modify specific Group Policy settings or make changes in the Registry Editor. By following the step-by-step instructions provided in this guide, you can easily disable or restrict the Windows Installer, control the behavior of certain programs, and enhance the security and control of your Windows environment. Whether it’s through the Group Policy Editor or the Registry Editor, you have the power to manage program restrictions and create a more tailored and secure user experience on your Windows system.
