Windows 10 Creators Update: block Win32 program installation

If you run the latest Windows 10 Insider Build, you may have spotted a new option already that lets you block the installation of Win32 programs on the system.

While there is no guarantee that the feature will land in the Creators Update, as Microsoft may pull it again before the final version is released, it appears as if users get the option to block any win32 program installation on the device.

The feature is not turned on by default of course, and it is unclear why Microsoft added it to the operating system.

Administrators could use it to lock down the system. One side-effect of not being able to install Win32 applications is that it will also keep malware that is distributed through installers in check.

The core difference to Windows RT Cloud is that users may run any win32 program that is already installed on the system, and also any software that does not require installation.

Windows 10 Creators Update: block Win32 program installation

The new feature offers two options when it comes to the installation of legacy Windows programs on a system running the latest version of Windows 10.

The first blocks the installation of any win32 programs. Users who try to install programs anyway get the following message:

You can only install apps from Windows Store. Limiting installations to apps from the Store helps to keep your PC safe and reliable.

A link points to the relevant preference under Apps & features in the settings.

The second option displays the same message, but adds ab "install anyway" button to the prompt. This means that users may install the legacy program after all, as it is not blocked completely.

Do the following to configure the feature:

  1. Tap on the Windows-key, and select Settings from the Start menu.
  2. Navigate to System > Apps & features.
  3. Select "choose where apps can be installed from", and pick one of the available options:
    1. Allow apps from anywhere.
    2. Prefer apps from the Store but allow apps from anywhere (prompt with install anyway).
    3. Allow apps from the Store only.

I don't see many scenarios where users may want to limit the installation of programs on their devices.

While you may block your parents, kids, or anyone else from installing win32 apps after adding all they require to the system, it is not a method that will block all malware or unreliable software from running on the device. The main reason for that is that it will only block installations, but nothing else.

The locked down setting won't prevent program updates either. So, if a win32 program is already installed, any updates for it will install fine as well.

The German site Deskmodder discovered the Registry values for the feature:

  1. Tap on the Windows-key, type regedit.exe and hit the Enter-key.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
  3. Locate AicEnabled.
  4. Value of Anywhere means all installations allowed.
  5. Value of PreferStore displays warning but allows bypass.
  6. Value of StoreOnly blocks all future win32 installations.

Now You: What is your take on the feature? Good to prevent malware infections and installation of unreliable software? Useless? Or something in between?

Summary
Article Name
Windows 10 Creators Update: block Win32 program installation
Description
If you run the latest Windows 10 Insider Build, you may have spotted a new option already that lets you block the installation of Win32 programs on the system.
Author
Publisher
Ghacks Technology News
Logo
Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to Windows 10 Creators Update: block Win32 program installation

  1. beemeup4 February 27, 2017 at 8:36 pm #

    Win32 programs, in other words, every program ever made for Windows. Yeah sure let's block that and only allow "apps" from our Store! Progress!

    • Oki February 27, 2017 at 8:40 pm #

      I guess you haven't read the second half of the article.

      From article:

      Select "choose where apps can be installed from", and pick one of the available options:
      1. Allow apps from anywhere.
      2. Prefer apps from the Store but allow apps from anywhere (prompt with install anyway).
      3. Allow apps from the Store only.

  2. insanelyapple February 27, 2017 at 10:02 pm #

    It's most likely the equivalent of Apple's macOS Gatekeeper feature which also offers from where apps can be installed; plus, my guess is it may be also related to that Cloud version of W10.

    For less experienced users this feature may be useful, but it doesn't seem to be need at all for those who know how to deal with stuff on Windows machines.

    My country variant of Windows Store doesn't have anything worth attention in choice of modern applications, not mention that there are just few win32 programs in it, so I don't see how this feature of preferring Store apps over classic programs could offer me anything good. And another thing is that I don't like idea of corporations being able to control of what I have installed on my machine (both App Store and Windows Store can remotely remove application from computers for any reason) despite of how this could potentially safe my ass; we never know when they decide that they totally remove ability of installing applications from other sources because of this false sense of security and need for "progress".

  3. LD February 27, 2017 at 10:02 pm #

    MS is obviously working on one of those settings as becoming the default (at some time). I would prefer 'Allow apps from anywhere' as the default setting, but honestly can't see that happening. The worst outcome would be 'Allow apps from the Store only' as the default. I do not have a MS Account and I am reluctant to get one. My bet is that the default setting will eventually be 'Prefer apps from the Store but allow apps from anywhere (prompt with install anyway)'.

    I do not see this as addressing a security problem. It has no hope in hell of controlling bloat. It may lead to more UWP versions of Win32 apps, but developers are not beating down Redmond's doors. Win32 apps have to meet pretty high standards and prerequisites so it is unlikely that they will have malware payloads. I think they are just imitating the Apple Store strategy. Apple deploys a heavy hand over their Store apps. and they make a lot of revenue on them.

    If none of the three options become the default, and they remain opt-in only, then it should not cause Gamers and third party win32 app developers too much despair. The problem would be if it does not stay that way.

  4. No, Thank You February 27, 2017 at 10:22 pm #

    Store Apps! So much Freedom and Democracy!

  5. P February 27, 2017 at 11:01 pm #

    The downward spiral continues...

  6. Croatoan February 27, 2017 at 11:22 pm #

    It's good option for one man sysadmin shops. Easy to secure Windows.

  7. hirobo February 27, 2017 at 11:40 pm #

    Isn't this part of the Totalitarian tip-toe where they take small steps towards killing off [legacy] Win32 apps? MS just don't get it. The reason I'm on Windows is for those Win32 apps. If I wanted a UWP-type platform, Android would be the better option...

  8. Yuliya February 28, 2017 at 1:32 am #

    Yup, one step further towards Micro$oft's walled garden. Expect this to be enforced in a year or two, at most. There is no other reason why this should exist. It's not helping anyone, not even sysadmins, it's just one more annoyance. Because sysadmins (just like every other single other home user of Windows 7 or newer) already had a feature called AppLocker, which not only serves the same purpose, but it offers much more granularity when it comes to which software should or should not run on a PC.

    Before anyone claims "but you can disable it".. yeah, the same way you could disable lock screen, cortana,. and God knows what other cr.p is in this OS.

  9. Fena February 28, 2017 at 3:44 am #

    The MS operating system will be one big google type store soon. There will be no choices available ! It's bad for consumers but worse for business'. I hope all companies worldwide start looking for alternatives soon.

  10. Nobody in particular February 28, 2017 at 9:06 am #

    Why is there no option for "Only allow local apps, no apps from Store", hmm?

  11. zund February 28, 2017 at 11:34 am #

    sweeney was right. :)

  12. Jeff February 28, 2017 at 12:30 pm #

    But why idiots use Windows 10 in the first place? Use Windows 7 or 8.1 with Classic Shell and wait till the CEO gets fired again. Maybe next CEO will be one who understands that operating systems need to be offline and keep the user in control. Not an always changing "service" that reduces value and control with each "free update".

Leave a Reply