How to restrict additional Microsoft Support Diagnostic Tool download in Windows

The Microsoft Support Diagnostic Tool (MSDT) is a built-in Windows troubleshooting utility, but it’s also been targeted in several security attacks. That’s why Microsoft is retiring MSDT and its legacy troubleshooters. If you want to lock down your systems and prevent users from downloading or re-enabling MSDT, here’s how you can do it.

Why Restrict MSDT?

MSDT has been associated with high-profile vulnerabilities, including the infamous “Follina” exploit (CVE-2022-30190). Even though Microsoft is phasing it out, there’s still a risk that someone could download or run it on your system. Blocking it is a smart move, especially for businesses and anyone managing multiple PCs.

Steps to Restrict Microsoft Support Diagnostic Tool Downloads

1. Block Access Through Group Policy

If you’re running Windows Pro, Enterprise, or Education:

1. Press Win + R, type gpedit.msc, and press Enter.
2. Go to Computer Configuration > Administrative Templates > System.
3. Find Don’t run specified Windows applications and double-click it.
4. Set it to Enabled.
5. Click Show, then add msdt.exe to the list.
6. Click OK and close the Group Policy Editor.

This prevents users from launching the MSDT tool.

2. Block MSDT with Registry Editor

If you don’t have Group Policy Editor, use the Registry Editor:

1. Press Win + R, type regedit, and press Enter.
2. Go to:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
3. Right-click Image File Execution Options, select New > Key, and name it msdt.exe.
4. In the right pane, right-click and select New > String Value.
5. Name it Debugger.
6. Double-click Debugger and set its value to svchost.exe.

This will block MSDT from running, even if someone downloads it again.

3. Remove Legacy Troubleshooters (Windows 11)

On newer Windows 11 builds, Microsoft is removing MSDT-based troubleshooters. To double-check or remove what’s left:

• Go to Settings > System > Troubleshoot > Other troubleshooters.
• Remove or disable any legacy troubleshooters you don’t need.

Pro Tips

• Regularly Update Windows: Stay protected with the latest security updates.
• Limit Admin Rights: Users with standard accounts can’t install or run most tools without approval.
• Monitor for Suspicious Downloads: Use security software to alert you if someone tries to download or execute MSDT.

Final Thoughts

MSDT served its purpose, but its time is up. Lock it down, remove legacy troubleshooters, and keep your system secure. If you manage multiple devices, consider using security policies or endpoint management tools to enforce these settings organization-wide.

Have questions or need help securing your Windows systems? Drop a comment below!

Mark Vincent

Tech enthusiast and content creator passionate about making technology simple for everyone. I share practical tips, guides, and reviews on the latest in computers, software, and gadgets. Let’s explore the digital world together!