What is the best way to lock down a Windows 10 PC and only allow specific programs to run, including limiting or excluding a browser?
Would that be kiosk mode? And what is the procedure you would use to achieve this?
Tags: Windows OS, Windows 10
Last comment: McKnife, 8/22/2022 - Mon
McKnife
The built-in so-called kiosk-mode is two-fold.
The secure side of it is called "assigned access", which leaves no way to circumvent the limits.
"Assigned access" limits a user to one defined app. However, that would need to be a modern app ("UWP"), one that is installed from the Microsoft store and not a conventional desktop app. See https://docs.microsoft.com/en-us/windows/configuration/kiosk-single-app
For conventional apps, you would use the built-in AppLocker (Enterprise/Education edition) or "software restriction policies" (other editions, even Home). That would be much more troublesome, but you would get there.
This is to keep a student focused on a very limited number of applications. If the laptop has multiple users, can I apply AppLocker to one user and not the other?
McKnife
AppLocker is for the Enterprise and Education editions... but not for the Home edition!
You may use software restriction policies on Home as well, though not using the Windows GUI, since SRP is not included in Home but still possible! Use "restric'tor" from here: https://www.heise.de/download/product/restrictor
Yes, you may and should exclude local admins. Please try it in a VM to avoid locking yourself out. The GUI is in German!
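An AppLocker policy that restricts one standard account while leaving local administrators unrestricted, as discussed above. This is an added example, not code from any poster in the thread; the account name `student`, the two application folders and the policy file name are placeholders.

```powershell
# Added example. Run elevated, in a test VM first.
$user    = 'student'                            # placeholder account name
$sid     = (Get-LocalUser -Name $user).SID.Value
$admins  = 'S-1-5-32-544'                       # BUILTIN\Administrators (well-known SID)
$allowed = '%WINDIR%\*',                        # Windows itself, needed for logon and the shell
           '%PROGRAMFILES%\LibreOffice\*',      # placeholder: permitted application
           '%PROGRAMFILES%\Mozilla Firefox\*'   # placeholder: permitted browser

function New-PathRule([string]$Name, [string]$Sid, [string]$Path) {
    # One AppLocker allow rule for a path, bound to a single user or group SID.
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="Allow">
      <Conditions><FilePathCondition Path="$Path" /></Conditions>
    </FilePathRule>
"@
}

# Administrators keep an allow-all rule, so they are excluded from the lockdown.
# Any other standard account has no allow rule and can run nothing once the
# collection is enforced; give it rules of its own if that is not wanted.
$rules  = @(New-PathRule 'Admins: everything' $admins '*')
$rules += $allowed | ForEach-Object { New-PathRule "${user}: $_" $sid $_ }

# AuditOnly: nothing is blocked yet, would-be blocks are only logged.
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$($rules -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@
$policyFile = Join-Path $env:TEMP 'student-applocker.xml'
Set-Content -Path $policyFile -Value $xml -Encoding UTF8

# Dry run against the file before anything is applied: one path inside the
# allowed folders, one outside them.
Test-AppLockerPolicy -XmlPolicy $policyFile -User $user -Path `
    "$env:WINDIR\System32\notepad.exe",
    "$env:ProgramFiles\Internet Explorer\iexplore.exe" |
    Format-Table FilePath, PolicyDecision, MatchingRule

# Replace the local AppLocker policy and start the service that evaluates it.
Set-AppLockerPolicy -XmlPolicy $policyFile
sc.exe config appidsvc start= auto
Start-Service AppIDSvc
```

After reviewing the "Microsoft-Windows-AppLocker/EXE and DLL" event log for programs that would have been blocked, change `EnforcementMode` to `Enabled` and apply the file again. The example covers only the `Exe` rule collection; scripts, installers and packaged (store) apps have their own collections.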
Scott Fell
ASKER
The German language is going to be a barrier for me
McKnife
OK, that's understandable. Unfortunately, there's no English version of it. I could provide screenshots which would get you going, though.
McKnife
By the way, with the modern store apps, SRP (and thus restric'tor) will not really help after all, since it cannot disallow those. So you would need to change your Windows edition to Education or Enterprise to be able to use AppLocker, or rely on a 3rd party product.
What's possible (and secure) with Home is to use assigned access, which limits a restricted user to a single store app (if that is what satisfies the need).
Scott Fell
ASKER
This is to restrict somebody to use only specific programs, but they are not from the MS app store. Also possibly lock down to one specific browser and, on that browser, specific websites.
Scott Fell
ASKER
Would it be better to just upgrade Windows to Pro or Education?
David Johnson, CD
Use Google Translate on the page. Works like a charm for me. Limiting websites is difficult without implementing a proxy like "Squid". OpenDNS might be a possible attempt. Not assigning a DNS server (or setting invalid entries) and only allowing the hosts file will work but is a pain to administrate and will affect all users of the machine. Perhaps something along the lines of Net Nanny.
restrictor translasted.txt
Downloaded and ran the program. Yes, the lack of internationalization of the program itself could be problematic.
And this is for a friend's teen kid that is in trouble and has to have their laptop locked down. I can understand that scripting. If it is for all users, how do you undo everything?
McKnife
It is active for non-admins only, so if the parents have admin accounts and the kid's account is just a standard (restricted) account, this will be suitable without troubling the parents.
There are three scripts and one of them is able to undo what the create-script did, if need be.