If you use the Microsoft Family settings for your kids and can’t figure out how to prevent them from installing Chrome or Chromium this will help.
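This PowerShell script (run as Administrator) creates the per-user folders those two programs need, or modifies them if they already exist, so that only Administrators can access them. It uses cmdlets from the NTFSSecurity module (`Install-Module -Name NTFSSecurity`), and the same lock is applied to the Roblox and Steam folders.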
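# List all users and last time used
#gwmi win32_userprofile | select @{LABEL="last used";EXPRESSION={$_.ConvertToDateTime($_.lastusetime)}}, LocalPath, SID, Status, Disabled, AccountType, Lockout, special, PasswordRequired | ft -a

# Select every enabled local account that requires a password.
# Disabled and PasswordRequired are Booleans, so they are tested directly;
# comparing a Boolean with the string 'False' converts the string to $true
# and only gives the intended result by accident.
# NOTE(review): this selection also contains the administrator's own account.
# Filter $users by name here if only the children's profiles should be locked.
$users = @(Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='True'" |
    Where-Object { (-not $_.Disabled) -and $_.PasswordRequired })

# List all users capable of logging in
$users | Select-Object PSComputername,Fullname,Name,Status,Disabled,AccountType,Lockout,PasswordRequired,PasswordChangeable,SID | Format-Table

# Read the profile list once instead of once per account.
$allProfiles = @(Get-WmiObject -Class Win32_UserProfile)

# Profile folders to lock down; consumed by the loop that follows this block.
$userpaths = @()
foreach ($user in $users)
{
    $user.Name
    # Match on the complete SID. The first eight characters ("S-1-5-21") are
    # shared by every ordinary account, so a prefix match returns the profiles
    # of all users on the machine rather than the one being processed.
    foreach ($userProfile in ($allProfiles | Where-Object { $_.SID -eq $user.SID }))
    {
        if ($userProfile.LocalPath -and (Test-Path -LiteralPath $userProfile.LocalPath)) {
            # Append: a plain assignment would keep only the last user's path.
            $userpaths += $userProfile.LocalPath
        }
    }
}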
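# Lock the per-user application folders so that only Administrators can use them.
# For each profile in $userpaths and each folder name below, the folder under
# AppData\Local is created if missing, inheritance is switched off, every
# existing access entry is removed and Administrators get FullControl. The same
# is then done for the folder's immediate children.
#
# Requires the NTFSSecurity module (Install-Module -Name NTFSSecurity).
#
# NOTE(review): only the DACL is changed. A user who owns a folder that already
# existed keeps the owner's implicit right to edit its permissions, and the user
# still has full control of the parent AppData\Local folder. The commented-out
# Set-NTFSOwner step further down this page addresses the ownership part. For a
# control that has to hold, prefer an application-control policy.
# NOTE(review): only these four per-profile folders are touched; nothing is
# changed under Program Files.
$blockedFolders = 'Google', 'Chromium', 'Roblox', 'Steam'

# Strip all access from one file-system item and grant Administrators FullControl.
function Lock-ItemToAdministrators
{
    param($Item)

    if ($null -eq $Item) { return }
    $Item | Disable-NTFSAccessInheritance
    $Item | Get-NTFSAccess | Remove-NTFSAccess
    $Item | Add-NTFSAccess -Account 'builtin\administrators' -AccessRights FullControl
}

if (-not (Get-Command -Name Disable-NTFSAccessInheritance -ErrorAction SilentlyContinue)) {
    # Without the module the folders would be created but never locked.
    Write-Error "NTFSSecurity cmdlets not found. Run: Install-Module -Name NTFSSecurity"
}
else
{
    # Sort-Object -Unique removes every duplicate; Get-Unique only removes
    # duplicates that happen to be adjacent.
    foreach ($userpath in @($userpaths | Where-Object { $_ } | Sort-Object -Unique))
    {
        foreach ($folder in $blockedFolders)
        {
            $path = "$userpath\AppData\Local\$folder"
            Write-Output "Looking for $path"

            if (-not (Test-Path -LiteralPath $path)) {
                # Not installed yet: create the folder so it can be locked in advance.
                mkdir -Force $path
            }

            # -LiteralPath keeps characters such as [ ] in a profile name from
            # being read as wildcards; -Force includes hidden items.
            Lock-ItemToAdministrators (Get-Item -LiteralPath $path -Force)
            foreach ($child in @(Get-ChildItem -LiteralPath $path -Force))
            {
                Lock-ItemToAdministrators $child
            }
        }
    }
}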
<#
#Install-Module -Name NTFSSecurity
Get-Item $path | Get-NTFSAccess –ExcludeInherited | Out-File c:\temp\OriginalPermissions.txt -Append
Get-Item "$path\*" | Disable-NTFSAccessInheritance
Get-Item "$path\*" | Get-NTFSAccess -ExcludeExplicit builtin\administrators | Remove-NTFSAccess
Get-Item "$path\*" | Set-NTFSOwner -Account builtin\administrators
#>
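# Block Microsoft Store (within Windows) - Run as Administrator
# NOTE This block is for all users of the computer.
# Each host name is pointed at 0.0.0.0 in the hosts file. Entries that are
# already present are skipped, so the script can be run again without piling up
# duplicate lines.
# NOTE(review): the host list dates from the page's last update; verify it
# against current Store endpoints before relying on it.
# NOTE(review): presumably this also stops installed Store apps from fetching
# updates - confirm that this is acceptable on the machine.
$hostsFile = "C:\Windows\System32\drivers\etc\hosts"
$blockedHosts = @(
    'livetileedge.dsx.mp.microsoft.com',
    'store-images.s-microsoft.com',
    'storeedgefd.dsx.mp.microsoft.com',
    # NOTE(review): kept exactly as published; the leading "vrv.co" looks like
    # it may be a copy/paste artifact - verify this name.
    'vrv.colivetileedge.dsx.mp.microsoft.com'
)

$currentLines = @(Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue)

# If the file does not end with a line break, the first appended entry would be
# glued onto the last existing line; terminate that line first.
$rawHosts = Get-Content -LiteralPath $hostsFile -Raw -ErrorAction SilentlyContinue
if ($rawHosts -and -not $rawHosts.EndsWith("`n")) {
    Add-Content -LiteralPath $hostsFile -Value ""
}

foreach ($hostName in $blockedHosts)
{
    $entry = "0.0.0.0 $hostName"
    if ($currentLines -notcontains $entry) {
        Add-Content -LiteralPath $hostsFile -Value $entry
    }
}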
Last Updated on January 11, 2019