This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 76%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECB%3C/text%3E%3C/svg%3E)
Are there any common windows apps that you come across when inventorying the software on your workstations that users have managed to install as the apps don’t actually require local admin rights? Are there any other ‘safeguards’ that can be put in place in a work environment to prevent installation of apps that don’t require local admin, as currently relying solely on not giving end users local admin on their workstations to stop them installing unapproved apps – only seems to be part of the puzzle with a growing number of apps for newer versions of windows that will install or run just fine without local admin rights. I was just intrigued if there were any common themes in such apps or categories of apps you find have crept onto your workstation estate. Do you have any specific tips on how to identify when such no-local-admin-required apps get installed on your workstations? Any specific tools or other methods that can help?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi @crib bar
You can use Applocker to control the list of applications and programs can be used and installed on each workstiation.
Administer AppLocker Configure access to Microsoft Store
Please don't forget to accept helpful answer
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello crib bar, Thank you for posting in Q&A forum.
To block applications to run, you can try the methods below:
You can try the following gpo setting:
---If the Answer is helpful, please click "Accept Answer" and upvote it.
