How to restrict actions in Windows?

Long ago in an educational institution saw a diagram in which the student is available to Windows 10 with a limited set of actions. He can walk on all folders, run programs, but cannot install the new program, save files in different folders and can not change the desktop. To write files you can use only the folder "Documents".
And now I need to implement the same scenario.
March 23rd 20 at 19:43
3 answers
March 23rd 20 at 19:45
This is called policy software restriction.
https://habr.com/ru/post/101971/
Plus NTFS rights are commonplace.

Policy allows you to run applications are located in certain directories such as the Windows folder or ProgrammFiles. When you configured the policy to run application from another location, such as your desktop will not work. And the record the user is permitted only to the home directory - it is the right file system.
March 23rd 20 at 19:47
Standard, of course.
In a domain, simply create a user, configure it right (cropped) via a group and then these users create a backup first.

A small manual for download: itmu.vsuet.ru/Posobija/AD/htm/2_pr.htm
March 23rd 20 at 19:49
5cfcd242352a7820617233.png
The user can throw their desktop any portable software and run it. - taurean22 commented on March 23rd 20 at 19:52
@taurean22, And they can in Word "Open file" to do it. But some programs do work. - marcelo.Joh commented on March 23rd 20 at 19:55
@taurean22, with the exception of cases when the file system for desktop recursively selected execution rights. - hudson.Schiller35 commented on March 23rd 20 at 19:58
@hudson.Schiller35,
And they can in Word "Open file" to do it.
And what can be done there???
In word there is no choice of file system being used - in fact it is a normal conductor.
And there you can do exactly that in a conventional conductor. - taurean22 commented on March 23rd 20 at 20:01

Find more questions by tags WindowsAccess rights