How does Win7 limit the program running

? If you don't want your office colleagues to run QQ or Ali Wangwang on your computer, but if you don't let your colleagues install it, it will hurt you. What should we do? We can use Windows 7 completely. The system restricts the execution of the specified program. By using the new AppLocker function (application control policy) of the Windows 7 system, it is easy to create a restriction policy for a program.
For example, if you want to ban QQ running, you can do this: Click “Start”→ in the "Search programs and files" box type secpol.msc→ press Enter → open local security policy → Find the application control strategy → AppLocker & rarr; right blank area right-click menu → create a new rule & rarr; enter the new rules wizard.
<quo;Permissions" Steps: The action is set to “Reject", the user can select “Everyone" or specify the account.
“Conditions Steps: The most insured is to limit the conditions of the "publisher", that is, the current large software related programs are signed by the software publisher, using this rule , you can limit all the programs that have the signature, which avoids the "path" rule to modify the path to run, or the "file hash" rule can be run in a different version of the circumvention. For the convenience of presentation, here we choose “publisher”.
“Publisher"Settings:"Browse"> Find the main program file of QQ. After selecting, the relevant information of the program will appear automatically. In the slide button, we select “Publisher”.
 Exceptions  Settings: After the previous step, all programs with Tencent official signatures will not run, such as QQ, QQ music, QQ video, QQ games, etc. Tencent series software, even including the installer If you need to allow a program to run separately, you can add it as an exception here.
“Name”Settings: The final step is to set the rule name. You can help this rule get an easy-to-recognize name.
If you are currently creating the first rule, then there will be a default rule creation prompt after completion, you need to click “ is ”, allow the creation of default rules, so that you do not set the rules to make the system file program To the limit.
After successful creation of a rule, when attempted to run any program with Tencent's official signature, the operation will be blocked. This rule works regardless of how the user changes the file path and version.
If the AppLocker rule is invalid, click “Start”→ in the "Search Programs and Files" box, type services.msc→ press Enter → open “service”, find the Application Identity item, set its startup type to “auto", then press “start” to make the rule take effect.