diff --git a/apps/node_man/handlers/validator.py b/apps/node_man/handlers/validator.py
index 7b31a5a00..88d4ac39a 100644
--- a/apps/node_man/handlers/validator.py
+++ b/apps/node_man/handlers/validator.py
@@ -16,8 +16,9 @@ from django.utils.translation import ugettext_lazy as _
 from apps.adapters.api.gse import get_gse_api_helper
+from apps.backend.components.collections.base import DBHelperMixin
 from apps.node_man import constants as const
-from apps.node_man import tools
+from apps.node_man import models, tools
 from apps.node_man.exceptions import (
 ApIDNotExistsError,
 CloudNotExistError,
@@ -479,6 +480,12 @@ def install_validate(
 else:
 host_id__agent_state_info_map = {}
+ add_host_biz_blacklist = []
+ if job_type in [const.JobType.INSTALL_AGENT]:
+ add_host_biz_blacklist: typing.List[int] = models.GlobalSettings.get_config(
+ models.GlobalSettings.KeyEnum.ADD_HOST_BIZ_BLACKLIST.value, default=[]
+ )
+
 for host in hosts:
 ap_id = host.get("ap_id")
 bk_biz_id = host["bk_biz_id"]
@@ -501,6 +508,19 @@ def install_validate(
 "msg": "",
 }
+ # 检查:bk_biz_id和bk_cloud_id是否在新增主机黑名单
+ if all(
+ [
+ job_type in [const.JobType.INSTALL_AGENT],
+ bk_cloud_id in DBHelperMixin().add_host_cloud_blacklist,
+ bk_biz_id in add_host_biz_blacklist,
+ ]
+ ):
+ error_host["msg"] = _("管控区域【ID:{bk_cloud_id}】已被管理员限制新增主机").format(bk_cloud_id=bk_cloud_id)
+ error_host["exception"] = "limit_add_host"
+ ip_filter_list.append(error_host)
+ continue
+
 # 检查:是否有操作系统参数
 if not host.get("os_type") and node_type != const.NodeType.PROXY:
 raise NotExistsOs(_("主机(IP:{ip}) 没有操作系统, 请【重装】并补全相关信息").format(ip=ip))
diff --git a/apps/node_man/models.py b/apps/node_man/models.py
index b4ad28cd5..4b04f3715 100644
--- a/apps/node_man/models.py
+++ b/apps/node_man/models.py
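Review bot: In `install_validate` (apps/node_man/handlers/validator.py, hunk at -479), the list read from `ADD_HOST_BIZ_BLACKLIST` is used exactly as stored, so an entry saved as a string makes the later `bk_biz_id in add_host_biz_blacklist` test miss silently and the restriction is skipped for that business. Normalising right after the `get_config` call closes that gap, e.g. `add_host_biz_blacklist = [int(biz_id) for biz_id in add_host_biz_blacklist]`, assuming `bk_biz_id` is already an int at this point in the function. The annotation is also attached to the second assignment; moving it to the first, `add_host_biz_blacklist: typing.List[int] = []`, avoids a redefinition warning from type checkers. The body of `install_validate` starts and ends outside the hunk.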
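Review bot: In the per-host loop of `install_validate` (apps/node_man/handlers/validator.py, hunk at -501), the new `all([...])` rejects a host only when the cloud area is in the cloud blacklist and the business is in `ADD_HOST_BIZ_BLACKLIST`, so with the setting left at its default `[]` this check never rejects anything, and a blacklisted business is unrestricted in any cloud area that is not itself blacklisted. The comment added on the enum key in apps/node_man/models.py describes the setting as restricting the listed businesses, which reads as a stand-alone restriction; if the conjunction is intended, state it above the check, e.g. `# Reject only when BOTH the cloud area and the business are blacklisted; an empty biz blacklist disables this check`, and note that the error message names only the cloud area. Separately, `DBHelperMixin()` is constructed once per host, which presumably repeats the settings lookup on every iteration; read it once before the loop with `add_host_cloud_blacklist = DBHelperMixin().add_host_cloud_blacklist` and test `bk_cloud_id in add_host_cloud_blacklist`. The loop body continues outside the hunk.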
@@ -172,6 +172,8 @@ class KeyEnum(Enum):
 NEED_CLEAN_SUBSCRIPTION_APP_CODE = "NEED_CLEAN_SUBSCRIPTION_APP_CODE"
 # 腾讯云安全组策略配置
 TXY_POLICY_CONFIGS = "TXY_POLICY_CONFIGS"
+ # 业务新增主机黑名单,用于限制指定业务通过安装 Agent 新增主机,配置样例:[1, 2]
+ ADD_HOST_BIZ_BLACKLIST = "ADD_HOST_BIZ_BLACKLIST"
 key = models.CharField(_("键"), max_length=255, db_index=True, primary_key=True)
 v_json = JSONField(_("值"))