Notices: This section not yet converted to new layout. Download stats are rolling back out.

Simple Software Restriction Policy (Install)

Package test results are passing.

This package was approved by moderator gep13 on 1/14/2019.

To use choco:// protocol URLs, install (unofficial) choco:// Protocol support

Screenshot of Simple Software Restriction Policy

Ransomware is one of the most serious security issues to ever hit the IT industry. A key reason for its severity is that its payload is largely unhindered by traditional security measures such as limited user working or signature-based antivirus scanning.

In order to counteract ransomware, we need to look to entirely different security strategies. An important component of such a strategy can be the implementation of a Software Restriction Policy.

In essence, a Software Policy lays down rules about where on disk programs can be run from. Thus, programs in 'Program Files' will be given the OK, but programs in 'Downloads' will not. Since this defensive mechanism does not rely on identifying a given program as malicious, it is in principle effective against all strains of malware.

Software Restriction Policies are in fact a part of Group Policy, and have been around since the introduction of Windows XP. Thus they are nothing new, although they have been largely overlooked by both IT admins and home users until now.

One of the reasons for the low uptake has undoubtedly been that the Group Policy Editor controls for Software Policies are neither very convenient nor very easy to use. Even after you've figured out what is a very complex set of controls, you are faced with the issue that you cannot easily turn the policy on or off.

Our Simple Software Restriction Policy utility overcomes that. As the name suggests, it turns a complex piece of group policy editing into a simple matter of installing the utility and selecting a few options. What's more, if you need to suspend the policy, that is only a few clicks away and it takes effect immediately, no reboot needed.

A SRP has other advantages besides hardening the computer against malware. For example, it allows you to control the launching of programs from USB key or DVD, other routes by which unwanted software may find its way onto your computer.

Perhaps one of the best features of SSRP is that during normal use of the computer you hardly know it's there. No screen dimming, no continual nags. About the only time you need to interact with it, is if installing or removing software. In which case you can allow yourself 30 minutes to do the work, after which the policy will reinstate itself.

SSRP also offers a means of launching specified programs with limited rights. On legacy systems where the standard user is an Admin, this can very usefully restrict the damage that a compromised Web browser or email client can do to the system. (This feature is turned off by default since later Windows versions have their own means of achieving this, UAE. )


Click here to Patreon-ize the package maintainer.

To install Simple Software Restriction Policy (Install), run the following command from the command line or from PowerShell:

C:\> choco install simple-software-restriction-policy

To upgrade Simple Software Restriction Policy (Install), run the following command from the command line or from PowerShell:

C:\> choco upgrade simple-software-restriction-policy


  • tools\VERIFICATION.txt Show
    ==================== Simple Software Restriction Policy ====================
    Current version Setup. 1568502 bytes. Released 19/10/2018. VirusTotal Report 
    SHA256: A5D6A2D8CE5F8F80D7CAA54509B8BB30C8483002FC6D7A084391F14C89C92F0A
    ==================== Simple Software Restriction Policy ====================
  • tools\SoftwarePolicy220Setup.exe Show
    md5: 3E2A28E0FA2F638366406F1197FAEB9C | sha1: A53E22EB01D58ABE2653554BF7C859ECF98E10B7 | sha256: A5D6A2D8CE5F8F80D7CAA54509B8BB30C8483002FC6D7A084391F14C89C92F0A | sha512: C2658FA71C833FB1872517D3389C41B406F8C8CC756D2AFE718D1887FD1586C9F8B012373989257B234F1728CC027A64121690E85C48335D731F1580BCF82AD3
  • tools\LICENSE.txt Show
    ==================== Simple Software Restriction Policy ====================
    As ever, you use this system-level utility entirely at your own risk. Various forms of disaster are not excluded from the list of possible outcomes of its incorrect use. Or, even of its correct use.
    This software may be duplicated any number of times, and used in private or commercial IT operations. The software may not be sold for profit in any shape or form. Third-party websites and P2P hosts may offer copies for download so long as these conditions are met.
    The source code and executables of this software are released under the GNU Public License, version 3. Icons and other graphics remain the intellectual property of IWR Consultancy, and may not be used in derivative works without permission.
    Thanks are due to the members of the AutoIt coding team at for the programming language itself, and to various contributors for the library routines which have saved a great deal of work.
    It is not necessary to supply source code with every downloaded copy, so long as a link to the publisher's website is included in some form or other at the download location.
    From: Ian Macdonald [mailto:[email protected]] 
    Sent: Saturday, October 1, 2016 1:34 AM
    To: bcurran3
    Subject: Re: IWRC Website Enquiry
    Not met this package manager, but you can roll SSRP out using a silent install option anyway. 
    There have been suggestions from site admins that  central adminstration of policies would be useful, and this is maybe something we'll look into. 
    We don't offer direct download links. The present setup is designed to keep robots out, a protection which has unfortunately become necessary. Basically when you click the link, a php script runs that does various checks  before allowing you to download the file. 
    There is no restriction on hosting a copy elsewhere, though. 
    Regards, Ian. 
    ==================== Simple Software Restriction Policy ====================
  • tools\ChocolateyInstall.ps1 Show
    $ErrorActionPreference = 'Stop'
    $packageName = 'simple-software-restriction-policy'
    $toolsDir    = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
    $url         = "$toolsDir\SoftwarePolicy220Setup.exe"
    $checksum    = 'A5D6A2D8CE5F8F80D7CAA54509B8BB30C8483002FC6D7A084391F14C89C92F0A'
    $packageArgs = @{
      packageName   = $packageName
      unzipLocation = $toolsDir
      fileType      = 'EXE'
      url           = $url
      checksum      = $checksum
      checksumType  = 'sha256'
      softwareName  = 'Software Policy*'
    Install-ChocolateyPackage @packageArgs
    Remove-Item $toolsDir\*.exe -Force | Out-Null

Virus Scan Results

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.


This package has no dependencies.

Package Maintainer(s)

Software Author(s)

  • IWR Consultancy


IWR Consultancy


Version History

Version Downloads Last updated Status
Simple Software Restriction Policy (Install) 417 Saturday, October 1, 2016 approved

Discussion for the Simple Software Restriction Policy (Install) Package

Ground rules:

  • This discussion is only about Simple Software Restriction Policy (Install) and the Simple Software Restriction Policy (Install) package. If you have feedback for Chocolatey, please contact the google group.
  • This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
  • The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
  • Tell us what you love about the package or Simple Software Restriction Policy (Install), or tell us what needs improvement.
  • Share your experiences with the package, or extra configuration or gotchas that you've found.
  • If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.

comments powered by Disqus uses cookies to enhance the user experience of the site.