Blocking apps from running in Windows can be a security and performance measure. In this guide, I will be demonstrating how to block certain apps from running on this computer. This can be achieved via the group policy and by tweaking the registry settings. Please see how to Block Upgrade to Windows 11 via Group Policy or Windows Registry, and how to Block downloads on Microsoft Edge using GPO on Windows Server 2019 and 2022.
Also, see the Video on Enabling or Disabling Screen Saver on Windows, the video on how to install Fax Server on a Windows Server, and the video on how to Prevent Windows Users from Changing the Screen Saver via the Registry Settings
Why should you block apps from running in Windows?
Below are one or more of these reasons why you might want to block some apps from running on your Windows PC.
Security Concerns: Blocking certain apps can prevent the execution of potentially malicious software or malware. This is particularly important for applications that are not trusted or are known to be associated with security risks.
Privacy Concerns: Due to Data Protection, some applications might collect and transmit user data without explicit consent. Blocking these apps can help protect user privacy by preventing unauthorized data gathering.
Network Bandwidth: Certain applications, especially those that run in the background, may consume network bandwidth for updates, data syncing, or other activities. Blocking unnecessary apps can help manage bandwidth and improve network performance.
Resource Utilization: Some apps, especially those configured to run at startup, can consume system resources (CPU, memory) even when not actively in use. Blocking unnecessary apps can improve system performance.
Corporate Policies: In a corporate environment, IT administrators might block certain apps to ensure that employees adhere to company policies. This can include restricting access to non-work-related apps during business hours.
Preventing Unwanted Behavior: Some applications may perform actions that are undesirable in a particular context. For example, blocking gaming apps on work computers to prevent distractions during work hours.
License Compliance: Blocking unauthorized or unlicensed software helps ensure compliance with software licensing agreements.
Reducing Attack Surface: Reducing the number of running applications reduces the attack surface, making it harder for attackers to exploit vulnerabilities in the system.
Block Apps via Windows Registry Settings
To do this via the registry and group policy. Launch the registry settings using “regedit.exe” from the search button and accept the UAC as shown below
This will open the Registry Editor. Navigate through the registry hive to the following key as shown below.
- HKEY_CURRENT_USER
- SOFTWARE
- Microsoft
- Windows
- CurrentVersion
- Policies
Next, create a new sub-key inside the Policies key. Right-click the Policies key, select New, and select Key,
Name the new key Explorer
Next, create a value inside the new Explorer key by right-clicking on the Explorer key and select New. Select DWORD (32-bit) value, and Name the new value DisallowRun
Next, double-click the new “DisallowRun” value (This will open its properties window. Change the value from 0 to 1 in the “Value data” box
Finally, click on then click “OK.” Next, you will have to create a new sub-key in the Explorer key by performing the below.
Right-click on the Explorer key. Select New, select Key. Name the new key DisallowRun
In the next steps, we will start populating (adding) the apps we wish to block. Below are the steps to achieve this.
Create a new string value inside the DisallowRun key (You will do this for every application you desire to block).
Right-click on the DisallowRun value, select New, and select String-Value.
Enter the value to 1
Modify the value to 1 as shown below (we will have to start the numbering from 1 (one).
Now, double-click the new value to open its property windows.
Enter the name of the executable you want to block into the “Value data” as shown below. In my example, I will be blocking Internet Explorer from running.
When you hit “ok”, the string should look this way in the registry editor.
This process should be repeated by naming each string alphabetically from value “2”, “3” and “4” etc., for each and editing the properties by adding the the executable file you wish to block. I only had to block the explorer in my lab and this is enough to work you through.
When you are done, ensure you restart your device to have the settings applied.
Note: If you do not restart, the settings will not be applied. When you try to launch Internet Explorer after restarting, you will get the following message below.
This can be achieved via Group policy as well. I will be testing with Notepad++ using group policy.
Block Apps Via Group Policy Object
To do this, launch “group policy as shown below,
In the Group Policy window navigate through the User Configuration > Administrative Templates > System.
Next, click on “Enabled”. Click on show as shown below
In the Show Contents dialog box, click on every line in the list and type the name of the executable you do not want users to run. Click on “OK.”
The settings will display enabled as shown below.
Apply Group Policy Update
To ensure the settings apply immediately, run “gpupdate” via the command prompt as shown below.
For the difference between GPUpdate and GPUpdate/force. See the following guide on how to permit only a specific app to run
Now when you try to launch Notepad++, the following restriction message will be prompted as shown below.
Note, that the registry and group policy steps for blocking and apps are also similar to permitting only specific apps to run in Windows.
I hope you found this blogpost on how to block apps from running in windows useful. Please feel free to leave a comment below.
