If you need to restrict running programs on your computer – then this article is for you. In today’s article, we will look at how to allow (prevent) the launch of certain programs using group policies or in the registry editor.
This method is not categorical, and if you allow the launch of only certain programs, an advanced user will be able to allow the launch of everything, but still he will have to look for how to do it.
Prevent (allow) certain programs to run using group policies
Group policies are available only in Windows Pro, Enterprise or Education, if you have a home version of Windows, go to the second method. If you want to prohibit (allow) the launch of certain programs for other users of this computer, first follow the instructions “How to configure group policies for specific users”.
1. In the search bar or in the “Run” menu (run by pressing the Win + R keys) enter gpedit.msc and press the Enter key.
2. Go to “User Configuration” => Administrative Templates => “System” => If you want to prevent the launch of certain programs – open the option “Do not start specified Windows applications”, if you want to allow certain programs to run, and the rest to be prohibited – open “Run only specified Windows applications”
Put a full stop in the “Enabled” field and click on “Show”. IMPORTANT: in some versions of Windows, these actions are prohibited by the group policies themselves, the task manager and the registry editor also stop opening, which in turn does not allow you to return everything as it was and you have to fix everything in the additional system boot parameters. To prevent this from happening, add gpedit.msc and regedit.exe to the list of allowed ones. Or create a user for whom you want to restrict the opening of programs and make these permissions for him, leaving yourself the right to change everything.
In this window, you need to enter the applications that are allowed (prohibited) to run. Enter the name of the file to run, if you do not know it – click on the shortcut of the desired program with the right mouse button, go to the properties and see.
Double click on “OK” and restart your computer. Now the applications that you entered in the list will open without problems, and when you open programs that are not in the list, a window will appear “… Contact your system administrator” (this is if you allowed only certain programs to run, if you prohibited the launch of certain programs, then programs from the list will not open, and all others will work).
At any time you can go to group policies and disable this setting, or add other allowed programs to the list.
Prevent (allow) the launch of certain programs in the registry editor
1. In the search bar or in the run menu (run by pressing the Win + R keys) enter the command regedit and press the Enter key.
2. Follow the path HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies => in the Policies section open the Explorer section, if it is not there – right-click on the Policies section, select “New” => “Section” => name it Explorer => right-click on the Explorer section, select “New” => “Parameter DWORD (32 Bits) => if you want to prohibit certain programs – name the new parameter DisallowRun , if you want only certain programs to run, and the rest to be prohibited, name the new parameter RestrictRun
3. Open the parameter RestrictRun or DisallowRun => in the “Value” field enter 1 and press the Enter key.
4. Click on the Explorer section with the right mouse button, select “New” => “Section” => if you want to block certain programs – name the new section DisallowRun, if you want to allow the launch of certain programs – name the new section RestrictRun
5. Click on the RestrictRun or DisallowRun section with the right mouse button, select “New” => “String parameter” => name the new parameter 1
6. Important: in some versions of Windows, these actions are prohibited by the group policies themselves, the task manager and the registry editor also stop opening, which in turn does not allow you to return everything as it was and you have to fix everything in the additional system boot parameters. To prevent this from happening – add gpedit.msc and regedit.exe to the list of allowed
Open the created parameter => in the “Value” field, enter the name of the executable file of the program that you want to block (allow). In our example, we disable (enable) the “Notepad” program, the name of the executable file is notepad.exe => in the “Value field, enter notepad.exe and click on” OK “.
7. Repeat steps 5 and 6 from the instructions as many times as you need to prohibit or allow programs. Name the following parameters to be created by numbers in order (2, 3, 4 …).
Close Registry Editor and restart your computer for the changes to take effect. That’s all for today, if you know other ways – write in the comments! Good luck ?