How to block portable application & prevent installation on Active Directory?


  • Hi All,

    How do i block portable application (application doesn't require to install) & prevent software installation on Active Directory?

    I have created hash rule and apparently i need to copy every version of the application on Active Directory.For example Ultrasurf v9.5 and Ultrasurf v10.5 and another thing how to prevent power user to install application such as firefox,winamp etc.

    Glad if you guys can assist me.Thanks in advance.


    Saturday, January 8, 2011 2:19 AM


  • Preventing installation of applications through Active Directory can be achieved by:

    • Configuring your end-users as non-admins on their PCs,
    • Configuring User Rights Assignment, or
    • Configuring specific User Account Control Settings.

    The first method is the most desirable way to configure this. In situations where users aren't allowed to install applications, most of the time you don't want them fiddling with network settings are being able to create (non-domain) users.


    Preventing users from running portable applications can be done through:

    • Configuring specific User Account Control Settings
    • Software Restriction Policies
    • AppLocker

    Since you've created a hash rule, you're using the second method. The disadvantage of that method is that you will need to create hash rules for every version of an undesired application. Using AppLocker is the solution to that problem if you're running Windows 7 Enterprise or Windows 7 Ultimate on the workstations, and the applications are all signed.  

    Using specific User Account Control Settings you can eventually help your users from running applications (and preventing application installs) by prompting them for their password every time they want to install an application or run an application from a location other than Program Files and Windows. More information here.


    Saturday, January 8, 2011 7:36 AM