How to prevent a user from installing programs

To configure the restrictions you will need administrator privileges. Call command prompt by using combination of Win+R and type secpol.msc. Opens snap-in "Local security settings".

Expand the "Policy restriction". Under "object Type" double-click to expand the "Designated file types". In the properties window lists the types of files that are considered executable code.

You need to remove from this list of programs that can be installed by other users. For example, if one of them works with Excel spreadsheets or Access databases, select in the list of these items and click "Remove". Also, delete the. LNK Shortcut. Press OK to confirm.

Double-click to expand "Forced" and toggle the "Apply software restriction policies..." to "all except local administrators". Open the folder "security Levels" and double-click to expand "Unlimited". Click "set default" and OK to confirm.

Open the folder "security Levels" and double-click to expand "Unlimited". Click "set default" and OK to confirm.

Now other users can run only installed by you or by programs. By default, they are located in the folders Program Files and SystemRoot. If some programs are in other sections, you need to add them to the allowed list.

Expand the snap-in "Additional rules" and in the "Name" right-click on empty space. Click "Create path rule" and specify the path to the folder where you are allowed programs.

So users couldn't copy these folders prohibited software, configure permissions. Right click on the folder and choose "sharing and security". In the "Security" tab set permissions for each user group.

Click "Advanced" and navigate to the tab "Permissions". Select a user group, click the "Edit" button in the new dialog box, select the actions that are allowed or denied to this group.