Password-protect and hide personal files and folders with Folder Guard for Windows 10,8,7, and XP.



User rating: 4.7/5



Purchase or download a free trial. Read more…

So you don’t want users of your shared computer to download programs from the Internet? Yet, you don’t want to block the Internet access completely and you would rather allow the users to be able to browse web sites and use email, etc.? Folder Guard has a tool for that.

To achieve such a goal, you need to prevent users from saving new executable files to the computer. At the same time, you want the users to be able to use the existing executable files, already installed by the administrator. They also should be able to keep working with other files as usual, with no restrictions. How could you set it up with Folder Guard?

It’s not too difficult. Folder Guard lets you create the file access filters. You could create a filter that would apply to any executable file or a script, but skip other files. You would assign the Read-only attribute to such a filter, and that would stop the attempts to create new executable files (and thus prevent downloading them!), while allow the use of the existing programs.

Let’s do that. If you have one of the latest versions of Folder Guard, the filter we need may already exist: run Folder Guard, choose View – Filters command from the menu to switch to the Filters view, and look for the filter named Stop common downloads. If it’s not there, select the Filter – New command to start creating a new filter. Click on the […] button next to the Apply to files box to specify which files this filter should apply to. The names of the executable files have the extension .exe, so you need to specify the mask *.exe to make the filter apply to any such file. You don’t want the users to download the DLL files either, so add the mask *.dll to the list, too. (In case you are wondering, the DLL files contain software code used by programs.) In fact, add a few other masks to make the filter apply to the files commonly used to run scripts as well (because you probably don’t want the users to run arbitrary scripts!). Here is the text of the Apply to files box that you can use as a starting point for the list:

*.bat;*.cmd;*.com;*.dll;*.download;*.exe;*.hta;*.msi;*.paf;*.rar;*.scr;*.vb*;*.ws;*.wsf;

Of course, your case could require modifications to the list: for example, maybe your users are supposed to be able to modify the BAT scripts? If so, remove *.bat from the list.

What about the *.download files, you might ask? Some web browsers use such files for temporary storage while downloading the files, so we’ve included them in the list, too.

Leave the rest of the properties of our new filter empty: the empty Apply to boxes have the same effect at Apply to all. That is, the filter would apply to all folders, and to any program accessing the file. The empty Except boxes have the same effect as Except none, meaning that no file, folder, or program would be excluded from this filter:

Press OK to close the properties window. If it’s a new filter you’ve just created, you will be prompted to enter a name for the filter. Give it a meaningful name such as Stop common downloads to remind yourself later on why you’ve created the filter:

After the filter has been created, move it to the top of the list (using the Move Up command on the Filter menu) to make sure it will be used by Folder Guard before other filters you might have, and assign the Read-only attribute to it (by, for example, right-clicking on the filter and choosing Access – Read-only from the shortcut menu). A small (I) icon should appear in front of the filter, to indicate the Read-only attribute:

(You may have other filters in the list, you can leave them as they are: if they have no icons in front of them, they will have no effect).

At this point Folder Guard is ready to start protecting your computer. However, before you continue, check the Trusted Users list of Folder Guard and verify that the SYSTEM user is there. Check the Trusted programs list, too, and make sure the following programs are there:



C:/Windows/System32/wuauclt.exe

C:/Windows/servicing/TrustedInstaller.exe

The above entries ensure that Windows Update is “trusted” and has an unrestricted access to all files and folders of your computer. Without them, the filter we’ve created would prevent Windows Update form updating Windows files.

Now resume the protection (or Apply the settings) and test it by trying to download a few programs from various web sites. (If you are looking for a few files to test, you are welcome to use the download page of our web site.)

If you try to download an executable file with Internet Explorer while the filter is in effect, the following error message is displayed:

Other web browsers could give similar messages, or they could just sit there forever expecting the download to start. The end result is, the users cannot download programs anymore while they still should be able to use the existing programs!

Attention System Administrators: Folder Guard is enterprise-ready! The Folder Guard Administrator's Kit is available now.

What if, at some point, you do need to download or install a new program, or remove an exiting one? Well, just pause the protection of Folder Guard, perform the task, then resume the protection back (no Windows restart required).

One side effect of the protection we’ve just set up is that the filter will not only prevent downloading the programs, but it will also prevent installing or copying programs from/to the CD or removable drives. It may be a good thing, or not, depending on your specific requirements. If you want the users to be able to run programs from the removable drives while the Stop common downloads filter is in effect, you need to create another filter that would specifically allow full access to the executable files located on the removable drives.

Happy computing!

If you want to link to this article, you can use this HTML code: <a href=”http://www.winability.com/how-to-stop-downloading-from-internet/”>How to stop users from downloading programs from the Internet</a>

More information