Every vacation, the computer of college student Xiao Sun will be "due to bitterness". Because of the school holiday, the laptop became a plaything for the younger brother when he took it home. Last year, my brother did not operate the system's own "diskpart.exe" program, which resulted in the hard disk partition being adjusted, causing terrible consequences of data loss. It seems that this year it is necessary to intercept and block the initiation of related procedures. In this way, the laptop can also live a peaceful summer. Use the registry limit program to run the regedit.exe command in &startquo;start →run” to open the registry editor. Expand the "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer” branch, click on the “New →DWORD value" item on the right-click menu of the Explorer item, and create a key named DisallowRun on the right side of the window. name. Double-click the value of the key. In the pop-up edit window, set the “Value data” column to “1” and select the “hexadecimal” item in the “Bases” column. Click the OK button to save the configuration. Next, click on “New →item" on the right-click menu of the above Explorer item to create a subkey named DisallowRun. Select the sub-key, right-click in the blank area on the right side of the window, select the “New →String” item in the pop-up menu, and create a new key name name (for example, “New Value #1”, etc.”). Double-click the key name and enter the name of the program you want to prohibit in the edit window. For example, enter Thunder.exe to disable Thunder (see Figure 1). According to the above method, you can create any number of key names on the right side of the above window and assign them the disabled software names. After restarting the system, these disabled programs will not run. In order to prevent others from changing the registry at will, to cancel the above restrictions, it is best to click the "permissions" item on the right-click menu of the above DisallowRun subkey to give the account full control of the subkey and access to other accounts. cancel all of them. The Leverage Group Policy Restriction Program runs the gpedit.msc command in "Start →Run", and expands to the left side of the Group Policy Editor window, "Local Computer Policy & Rarr; User Configuration & Rarr; Administrative Template & Rarr; System" Branch, double-click in the right window, "Do not run the executed Windows program" item, select the "Settings" panel in the pop-up window, select the "Enable" option, in the "Allowed application" Click the “Show” button in the Programs list. In the "Show Contents" dialog box, click the "Add" button to enter the name of the program file that is forbidden to run, for example, enter "Thunder.exe" to disable the Thunder. Any number of disabled program names can be added as described above. This way, when someone tries to start these programs, the system will refuse to run. There is a disadvantage in the above two methods. When entering the target program path in the CMD window and manually entering the program name, the limit can be exceeded and the disabled program can be started normally. This can be avoided by using a software restriction policy. In the list on the left side of the Group Policy window, expand the "Computer Configuration & Rarr; Windows Settings & Rarr; Security Settings" branch, and click on the "Software Restriction Policy" item on the right side of the "Software Restriction Policy" item. Click the “New Path Rule” item on the right-click menu of the “Other Rules” item on the right side of the window. Click the “Browse” button in the pop-up window to select the target program. After clicking the OK button, you can completely disable the program from running. In order to prevent others from illegally canceling the above restrictions, it is best to rename the gpedit.msc. Use the account permission limit program to run. Once someone else has obtained the administrator rights, you can start the program in the system "Unblocked". How can we see the move and solve the above-mentioned crisis, and prevent others from using the advanced account rights in the system "horizontal"? By using the system's permission control function, the above problems can be effectively solved. Run the command "net user lysofter 123456" in the CMD window to create a non-administrator account in Windows XP. The account name is lysofter and the password is 123456. In the Explorer window, click the menu "Tools → Folders" option, in the "View" panel to cancel the "Simple File Sharing" option. Select the disabled program in the Explorer (assuming the target program is "d:\\tools\
acer.exe", note that the program must be saved in the NTFS partition), and open the "Security" panel in its properties window. , click the “Advanced” button, in the "Advanced Security Settings" window (Figure 2), cancel “ allow parent inheritance permissions to propagate to the object and all child objects, including those explicitly defined here & rdquo; The choice of item, then delete all the successor's permission items in the "Permissions" list. Go back to the previous window, click the “Add” button, click the “Advanced” button in the pop-up "Open User" window, and click the "Find Now" button in the pop-up extension window. Double-click the previously created lysofter account in the “Search Results” list and click the OK button to add it to the “Group or User Name” list. Check the account and check the “full control" item in the “Allow” column in the list of permissions below. This way, even if someone logs in to the system as an administrator, the above program cannot be run. When you need to use the program yourself, you must run the command “runas /user : lysofter "d:\\tools\
acer.exe "” in the CMD window. Then follow the system prompts to enter the corresponding login password before you can run the program. Create a script to disable the program. Open Notepad and enter the following script content (Figure 3): On Error Resume NextDim aaa, bbb, honker, cccDoccc="."set aaa=getobject("winmgmts:\\\\. \
oot\\cimv2")set bbb=aaa.execquery("select * from win32_process where name='QQ.exe'")for each i in bbbi.terminate()nextwscript.sleep After 200loop save it as Deny. Copy the vbs file to the C:\\Windows folder. After starting the program, when trying to run QQ, it will be intercepted by the program. Of course, if you want to disable multiple programs at the same time, you can modify the relevant content of the program. For example, if you disable QQ, Thunder, or IE at the same time, you can change the statement <; set bbb=aaa.execquery("select * from win32_process where name='QQ.exe'")” to “set bbb=aaa .execquery("select * from win32_process where name='QQ.exe' or name='thunder.exe' or name='iexplorer.exe'")” In other words, just add the required program in turn by the code of “or name='xxxx.exe”, in order to facilitate the operation, it is best to open the Group Policy Editor and expand “Computer Configuration” →“Windows Settings”→“Script (Startup/Shutdown)” branch, double-click on the right side of the window to "Start", click on the "Add" button, and "Deny.vbs" file Add to the autorun list to keep it running automatically. But when you want to remove the restriction, end the “wscript.exe” process in the Task Manager. Use special tools to disable program running. Using NotRun, a free gadget, also gives you control over how your program runs. NotRun can be run automatically following the system after installation. Double-click the NotRun icon in the system tray, click the Select button in the upper part of its management interface (Figure 4), select the disabled program, for example, select QQ.exe. Then click the OK button in the lower left corner of the window to add it to the disabled list. In the same way, you can add as many disabled programs as you want. In order to prevent others from changing the NotRun configuration information, it is best to set the access password for NotRun by clicking the menu <;Options→Password→Set password” After entering the NotRun settings interface, you must enter the password, then try the power of NotRun! When the program in the disabled list is started, it will be blocked by NotRun and will not run. NotRun has a good anti-off function and is very self-protective. When you try to force the shutdown of the NotRun.exe process in Task Manager, you will be surprised to find that the program will continue to run hard, making the illegal shutdown operation helpless. This article comes from [System Home] www.xp85.com