Windows 7: Programs are easy to control

How do we manage a wide variety of applications in the operating system? Especially for the case where a computer is used by many people, how to set the usage rights of each user's application? These problems are very simple to solve in Windows 7. Windows 7 not only has the application group policy feature of the old version of the system, but also adds a new security feature called AppLocker that limits the number of programs a user can run on a computer, which files to install, and which scripts to run. Let's take a look at the Windows 7 application management features with the seven examples.

One, & ldquo; white list & rdquo;: the program runs their own calculations!

First, let's take a look at the program running in Windows 7 "white list" and “blacklist" As the name suggests, this feature restricts the programs that are only in this list to or from running.

Click the "Start” button and enter “gpedit.msc” in the search box to open the Group Policy Editor. In the left pane, navigate to “user configuration”-“admin template”→“system”, on the right side we can see & ldquo;do not run the specified Windows application” And “ only run the specified Windows application & rdquo; two options (Figure 1), through these two locations we can achieve the purpose of limiting the program.
Figure 1 Group Policy Editor

Let us disable the use of a program in Windows 7 system, double-click the "Do not run the specified Windows application" option to open the settings dialog. In the unfamiliar state, this function is not activated, we first select the "Allowed" option in the upper left (Figure 2).
Figure 2 Enable the function to prohibit the specified program from running

At this time, the list of applications that are not allowed under the interface will become available, click on the “display” button You can add items (Figure 3). Add an entry to the dialog and enter the full name of the application (including the extension) we want to block.
Figure 3 Adding an application that is not allowed to run

After saving the settings and closing the Group Policy Editor, returning to the desktop, we re-run the program we just added, and Windows 7 will block the program. Run and pop up a dialog box prompt (Figure 4).
Figure 4 Program operation is blocked

In the "Run only the specified Windows application", the setting method is exactly the same, and the seven children will not say more. Through the Group Policy Editor, we can easily set which programs are prohibited and allowed to run. In fact, this function is available from the Windows 2000 system. It is not a new thing. Let's continue to look at the more powerful new features & mdash; —AppLocker.

Second, the settings are more flexible AppLocker features detailed

AppLocker is a new security feature added to Windows 7 system, it can control Windows 7 system programs, installation files and scripts in all aspects The operation is more convenient and flexible than other management functions, especially for different account settings.

Before using the AppLocker feature, first go to the Control Panel and select “Systems & Security>-“Administrative Tools”-“Services>, find the Application Identity service, set to autostart;

Next, to set the AppLocker, we first log in to the Windows 7 system as an administrator, open the Start menu, type “gpedit.msc” to find and open the Group Policy Editor. In the left pane, navigate to “Computer Configuration>-“Windows Settings>-“Security Settings”-“Application Control Policy", under which we can see AppLocker settings item.
Figure 5 Open AppLocker settings in the Group Policy Editor

When the AppLocker item in the tree menu is selected, we can see a lot of support information about AppLocker on the right side of the interface. Windows 7 is very important for this new feature. Hold the AppLocker menu item, which has three sub-items "Nature rules", "Windows installation rules" and "script rules", we first look at the most commonly used "executable rules" to see how Make settings.

Right click on the right side of the blank space and select “Create default rule", then AppLocker will automatically add a few rules, which will ensure that the Windows 7 various programs that we use are available. normal operation.
Figure 6 Create default rules

Then click the right mouse button and select “Create new rules" Start building the rules we need! AppLocker will pop up the rule creation wizard, we just follow the prompts to design step by step. First select the permissions, if we want to prohibit a program from running, of course, select "deny", and in the "users or groups", we can set the user or group to which the rule works. Click the “Select” button, in the pop-up "Select User or Group" window click on the "Advanced" button, and then find the target by finding it. To work for everyone, select “everywhere&rdquo ;
Figure 7 Setting the permissions of the rules

Enter the conditions for selecting the rules in the next step. Here we can set the filtering conditions by the publisher, path or file hash value.
Figure 8 Setting the conditions of the rule

In the "path" setting, you can select the file or folder in the way we are familiar with, and use the pop-up dialog box to locate; and set “ The conditions are more practical and flexible. When we select a target program in the "Publisher" rule setting, you can change the scope of the rule by using the slider in the interface. If you select the "QQ.exe" program, the default is only limited to the QQ2010 with the file version of "1.45.0.0”", and if we drag the slider to the "product name", all versions of QQ2010 will be It is forbidden. If you drag the slider further to "Publisher", then all Tencent products will enter the "blacklist".