network management Xiaowang just went to work, and then to the leader to summon, Xiao Wang is swearing whether he has done anything wrong, to the office manager Liu said to him, "Xiao Wang, I do not want a program to run What should I do? For example, I don't want others to run QQ on my computer."
Wang: "Liu, this easy to handle, in Windows7 can do this, I'll show you?"
Liu: "Oh, there is this feature Windows7 Yeah, then let me show it to me. Then, I always opposed the deployment of Windows7. Later, after the recommendation of your department, I barely agreed. Recently, everyone’s satisfaction with this Windows7 is quite good. My It feels good too, so I still have to listen to what your professional advice is good."
Xiao Wang: "Manager Liu is satisfied with you, come to me to show you how to prohibit a program from running, we will Take QQ as an example."
Windows7 added a feature AppLocker (application control policy), you can use it to easily create policies to restrict certain programs.
example you want to ban QQ running, you can do this: Click "Start" → "Search programs and files" box, type secpol.msc → → press Enter to open the Local Security Policy → find application control Strategy→AppLocker→ Right-click blank area right-click menu→Create new rule→Enter new rule wizard.
"Permissions" step: The operation is set to "Reject", the user can select "Everyone" or specify the account.
"Conditions" step: The most insurance is to limit by the "publisher" conditions, that is, the current large software related programs are signed by the software publisher By using this rule, you can restrict all programs that have the signature, which avoids the path of the "path" rule and can be run, or a circumvention of the "file hash" rule. For the sake of demonstration, here we choose "Publisher".
"Publisher" setting: "Browse" finds the main program file of QQ. After selecting, the related information of the program will appear automatically. In the slide button, we select "Publisher".
"Exception" setting: After the previous step setting, all programs with Tencent official signature will not run, such as QQ, QQ music, QQ video, QQ games, etc. Tencent series software, even The installer is included, and if you need to allow a program to run separately, you can add it as an exception here.
"Name" setting: The last step is to set the rule name, you can help this rule to have an easy-to-recognize name.
If you are currently creating the first rule, then there will be a default rule creation prompt after completion, you need to click "Yes" to allow the creation of default rules, so that you do not set the rules to make the system file program restricted .
After successfully creating a rule, the operation will be blocked when attempting to run any program with Tencent's official signature. This rule works regardless of how the user changes the file path and version.
After Xiao Wang’s explanation, Manager Liu quickly mastered the use of AppLocker. He praised Xiao Wang, “It’s not bad. I want this effect. It seems that Windows 7 is really good."
Editor's Note: If the AppLocker rule is invalid, click "Start" → type services.msc in the "Search Programs and Files" box → press Enter → Open the "Services", find the Application Identity item, set its startup type to "Automatic", and then press "Start" to make the rule take effect.