The editor takes you to learn Windows7: the program runs easy to control

First, "white list": The program runs its own calculations!

First, let's take a look at the program running in Windows 7 “white list” and “Blacklist” function. As the name suggests, this feature restricts the programs that are only in this list to or from running.

Click the "Start” button and enter “gpedit.msc” in the search box to open the Group Policy Editor. In the left pane, navigate to “user configuration”-“admin template”→“system”, on the right side we can see & ldquo;do not run the specified Windows application” And “ only run the specified Windows application & rdquo; two options, through these two locations we can achieve the purpose of limiting the program.

We use a program that prohibits a program from being used in a Windows 7 system. Double-click the "Do not run the specified Windows application" option to open the settings dialog. In the unfamiliar state, this feature is not activated, we first select the “ Enabled” option in the upper left.

At this time, the list of applications that are not allowed under the interface will become available. Click the “display” button to add the item. Add an entry to the dialog and enter the full name of the application (including the extension) we want to block.

After saving, save the settings and close the Group Policy Editor. Back to the desktop, we re-run the program we just added. At this time, Windows 7 will prevent the program from running and a dialog box will pop up.

In the "Run only the specified Windows application", the setting method is exactly the same, and the seven children will not say more. Through the Group Policy Editor, we can easily set which programs are prohibited and allowed to run. In fact, this function is available from the Windows 2000 system. It is not a new thing. Let's continue to look at the more powerful new features & mdash; —AppLocker.

Second, the settings are more flexible AppLocker features detailed

AppLocker is a new security feature added to Windows 7 system, it can control Windows 7 system programs, installation files and scripts in all aspects The operation is more convenient and flexible than other management functions, especially for different account settings.

Before using the AppLocker feature, first go to the Control Panel and select “Systems & Security>-“Administrative Tools”-“Services>, find the Application Identity service, set to autostart;

Next, to set the AppLocker, we first log in to the Windows 7 system as an administrator, open the Start menu, type “gpedit.msc” to find and open the Group Policy Editor. In the left pane, navigate to “Computer Configuration>-“Windows Settings>-“Security Settings”-“Application Control Policy", under which we can see AppLocker settings item.

When the AppLocker item in the tree menu is selected, we can see a lot of support information about AppLocker on the right side of the interface. Windows 7 can pay great attention to this new feature. Hold the AppLocker menu item, which has three sub-items "Nature rules", "Windows installation rules" and "script rules", we first look at the most commonly used "executable rules" to see how Make settings.

Right click on the right side of the blank space and select “Create default rule", then AppLocker will automatically add a few rules, which will ensure that the Windows 7 various programs that we use are available. normal operation.

Then click the right mouse button and select “Create new rule" Start building the rules we need! AppLocker will pop up the rule creation wizard, we just follow the prompts to design step by step. First select the permissions, if we want to prohibit a program from running, of course, select "deny", and in the "users or groups", we can set the user or group to which the rule works. Click the “Select” button, in the pop-up "Select User or Group" window click on the "Advanced" button, and then find the target by finding it. To work for everyone, select “everywhere&rdquo ;

Go to the next step to select the conditions of the rule, here we can set the filter conditions by the publisher, path or file hash value.

In the "path" setting, you can select files or folders in the way we are familiar with, and use the pop-up dialog box to locate them. Setting the "publisher” condition is more practical and flexible. . When we select a target program in the "Publisher" rule setting, you can change the scope of the rule by using the slider in the interface. If you select the "QQ.exe" program, the default is only limited to the QQ2010 with the file version of "1.45.0.0”", and if we drag the slider to the "product name", all versions of QQ2010 will be It is forbidden. If you drag the slider further to "Publisher", then all Tencent products will enter the "blacklist".

After completing the above settings, all the way "Next" can be, of course, if you want, you can create a name for the rule. When we run QQ after completing the setup, we will see a pop-up window that prohibits running.

The creation of the installer and script rules is basically the same as the executable rule settings described above, so you can get the same. With AppLocker we can easily restrict which users can use which programs, all programs running in Windows 7 can be easily controlled!