Windows permission rejection

I. Download prohibitedProgram

Many times, the client prefers to download many things. This not only occupies a large amount of bandwidth, but also is prone to viruses, resulting in system paralysis. As a network administrator, You have to redo the system. Do you want this to happen again? Disable the client to download objects. Specific Method:

·: Prohibit Access to a website
You can add the website domain name to the hosts file and specify an incorrect IP address for the domain name. For example, if the IP address of www.baidu.com is set to 0.0.0.0, a user will send data to the IP address 0.0.0.0 when accessing www.baidu.com. Thus, users are prohibited from accessing the Baidu website.
Specific Method:
Step 1: Open the c: \ windows \ system32 \ drivers \ etc \ hosts file (open it with notepad ).
Step 2: add the 0.0.0.0 IP address to the end of the notepad and follow the domain name (www.baidu.com) that you want to prohibit access)

·: Prohibit ie downloads
You can Disable IE download. When you click the resource you want to download, the prompt box "the current security settings do not allow Downloading this file" appears or there is no prompt. In this way, you cannot download things.

Method
Step 1: Click IE's "tool" menu
Step 2: click "Internet Options..." and a dialog box is displayed.
Step 3: click the "Security" tab in the dialog box.
Step 4: click "Custom Level.
Step 5: Find "Download-File Download", and then select "Disable" in the following ticket ".
Step 6: Confirm and then confirm.
This is simple, but it has drawbacks. You can also find the "Download-File Download" option and enable it. Therefore, after we Disable IE File Download, we also disable the "IE Security tab" in the Group Policy ". In this way, the user cannot be changed.

Specific Method:
Open the Group Policy, find user configuration → manage template → Windows Components → internetexplorer ------- Internet control panel and double-click "disable security page" ------ select "enabled"

· Prohibit P2P downloads
Most of the time, we download it through P2P software (such as thunder, express, and donkey. In this way, disabling ie from downloading files becomes invalid. In this case, we should use a tool to prohibit P2P download, "P2P program shielding tool ". It allows your computer to disable the running of thunder and other software without detaching it. Http://www.hylmlt.com/viewthread.php? Tid = 53451

Ii. Installation prohibited
Although users cannot download things, users can install software in other ways, such as using mobile devices such as CDs and USB flash drives. Due to my limited capabilities, I have not found any software to prohibit users from installing programs. However, we can prevent users from installing applications by reducing their permissions. Specific Method:

Create a new account and set it to a restricted account
This solves the problem of the user's installation application, but if the installation file name is not setup.exe1_install.exe, it can still be installed.
Therefore, you need to disable some features.

Start -- run -- Enter "gpedit. msc" -- computer configuration -- manage template -- Windows component -- Windows installer to disable "Windows Installer"
This prevents installation of most software. The administrator can enable the software during installation!

3. prohibit the application from running the program.
· Using group policies to prohibit users from running an application
Specific Method:
Open the Group Policy Editor and find "user configuration" ------ "management module" ------ "system ", under the system sub-option, find "do not run the specified Windows application" and double-click --------- select "enabled" in the option that is enabled ", click "show" ------------ and then "add" and enter the name of the application (such as QQ) to be banned ). OK.
In this way, when running QQ, the user will prompt "this operation has been canceled due to the permission of this computer. Please contact your system administrator"

· Use the ws2_32.dll file to prohibit application programs from running.
Ws2_32.dll is a dynamic link library file, which is located in the c: \ windows \ system32 \ directory by default. Many applications need to call this file during runtime. The call sequence is as follows: first, search for the file in the current application directory. If not, search for the file in the system root directory, windows \ system32, and Windows \ System directories.
You can create a folder named ws2_32.dll under the application directory. When you use this application, the message "program initialization (0xc00000ba) failed" appears.

· Use the image hijacking technology to change the applications to be run

The so-called image hijacking is in the registry [HKEY-LOCAL-MACHINE----SOFTWARE-----MICROSOFT----WINDOWS nt ------ current version ------- Image File Execution options create an item named by the Application name (such as qq.exe(, then on this item (qq.exe) create a sub key (string value), and name it as a debugger. In the displayed window, enter the path of another software to be run, for example, c: \ Program Files \ English colloquial exercise .exe. When a user runs the QQ application, the system does not open QQ, instead, the software runs the oral English practice.

Of course, there are many ways to prohibit the use of applications, but I know these methods for the moment (without using the software ). If you have more and more convenient methods or errors in the Article , please come up ........ do you want to learn together!