我是超级用户新手,你好!
我正在尝试阻止 Windows 10 Home 笔记本电脑上的应用程序,并且这对 .exe 应用程序有效:
- 打开注册表
- 转到 Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
- 添加一个值为 1 的 DisallowRun DWORD
- 转到计算机\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
- 添加一个名称为 1 的字符串值和 .exe 名称的字符串(如 notepad.exe)
- 添加名称为 2、3、4 等的字符串以获取更多信息
但我无法让它与 UWP 应用兼容
(例如相机,它在‘C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2021.105.10.0_x64__8wekyb3d8bbwe\MicrosoftCamera.exe’中显示为‘MicrosoftCamera.exe’,但我无法通过打开该.exe 来运行它,并且将其添加到注册表后它也不起作用)
并且无法在线找到解决方案。
请注意,我使用的是 Windows 10 家庭版,而不是企业版
编辑:你好:)我已经在虚拟机上尝试过,这里是存储密钥的文件夹:
Computer\HKEY_USERS\S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D693923F-961D-413F-B54F-22979CD68730}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba
最后的 UUID 是被删除的密钥,这意味着手动进行这些更改是不可能的,我会坚持使用 gui。
对于任何想要了解的人来说,这里有一步一步的指南可以帮你完成这个任务。
- 以管理员身份运行此批处理文件(来自极客)
pushd "%~dp0"
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt
for /f %%i in ('findstr /i . List.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%%i"
pause
- 以管理员身份执行此命令:
sc config "AppIDSvc" start=auto & net start "AppIDSvc" - 使用 WIN+R 打开 secpol.msc
- 跟随这更多教程,成功了 :D
以下是其他一些变化(使用 regshot 测量):
Keys deleted:
HKU\S-1-5-21-xxxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D693923F-961D-413F-B54F-22979CD68730}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\f1e0c1a8-b3c0-42ab-a49f-af46170a79a5
Values deleted:
HKU\S-1-5-21-xxxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D693923F-961D-413F-B54F-22979CD68730}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\f1e0c1a8-b3c0-42ab-a49f-af46170a79a5\Value: " "
Values changed:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\Version: 0x000B000B
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\Version: 0x000C000C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0xB33D19CA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0x0CBDEC0F
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01D901CE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01D901CF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0xB341C420
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0x0CC297B7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01D901CE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01D901CF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0\Version: 0x000B000B
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0\Version: 0x000C000C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\LastPolicyTime: 0x0158545A
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\LastPolicyTime: 0x0158545D
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\Version: 0x000B000B
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\Version: 0x000C000C
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0xB33D19CA
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0x0CBDEC0F
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01D901CE
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01D901CF
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0xB341C420
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0x0CC297B7
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01D901CE
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01D901CF
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0\Version: 0x000B000B
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0\Version: 0x000C000C
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\LastPolicyTime: 0x0158545A
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\LastPolicyTime: 0x0158545
答案1
查看文章 如何使用 AppLocker 阻止 Microsoft Store 应用程序在 Windows 10 中运行. 它通过详细的屏幕截图解释了该过程的每个步骤。
以下只是需要遵循的基本步骤。请注意,UWP 应用在 Windows 中被称为“打包应用”。
- 确保应用程序标识服务已启用并正在运行
- 在本地安全策略 (
secpol.msc) 中的应用程序控制策略 > AppLocker 中,配置规则实施,启用打包应用规则 - 在打包应用程序规则上下文菜单中,使用创建默认规则,然后为特定用户帐户/组/每个人创建新规则以拒绝,然后选择要拒绝的应用程序。
- 完成后,关闭本地安全策略窗口。
最终状态将类似于此:
