How to permit and run only certain apps in windows
In this guide, I will be demonstrating How to permit and run only certain apps in Windows for selected uses to be able to run only a list of allowed programs. This can be achieved via the group policy and by tweaking the registry settings. Here is a guide on how to block apps from running in Windows. Also, see how to Enable/Disable CTRL + ALT + DEL Secure Login on Windows 11/10, and how to fix your device cannot use a Trusted Platform Module: Allow BitLocker without a compatible TPM.
Permit Certain Apps via the Registry Settings
Launch the registry settings using “regedit.exe” from the search button and accept the UAC.
This will open the Registry Editor. Navigate through the registry hive to the following key as shown below.
- HKEY_CURRENT_USER
- SOFTWARE
- Microsoft
- Windows
- CurrentVersion, and
- Policies
Next, create a new sub-key inside the Policies key. Right-click the Policies key
- Select New
- Select Key
Name the new key Explorer
Create a value inside the new Explorer key by right-clicking on the Explorer key and selecting New, select DWORD (32-bit) value.
Name the new value RestrictRun
Next, double-click the new “RestrictRun” value (This will open its properties window). Change the value from 0 to 1 in the “Value data” box as shown below.
Finally, click on then click “OK.”
Create a sub-key
Next, you must create a new sub-key in the Explorer key by performing the below.
- Right-click on the Explorer key
- Select New
- Select Key.
Name the new Select Key RestrictRun
In the next steps, we will start populating (adding) the apps we wish to allow. Below are the steps to achieve this.
Create a new string value inside the RestrictRun key. You will do this here for every application you desire to permit (allow).
Right-click on the RestrictRun value, select New and select String-Value.
and Enter the value of 1 as shown below.
Next, double-click and enter the application you want to permit, as shown below
Click on ok, and the key will appear as shown below.
You may want to see how to Prevent the Saving of RDP Credentials in Windows 10, and how to Configure logon hours for users in Active Directory.
Block Further Apps
Repeat “How to permit (run) only certain apps in Windows” as many times as you desire using the number format of “2,” “3,” etc., followed by the executable file names you wish to run as shown above.
When you are done, ensure you restart your device to have the settings applied.
Note: If you do not restart, the settings will not be applied.To test, this will successfully launch Notepad++ and some UWP applications. But when to try to launch other desktop apps and some Win32 tools, you will be prompted with the following restriction message below.
This can be achieved via Group policy as well. I will be testing with iexplorer++ using group policy.
Block Apps Via Group Policy Object
Launch “group policy and navigate to the following location as shown below. In the Group Policy window navigate through the User Configuration, then the Administrative Templates. Click on System.
On the right pane, double-click on “Run only specified Windows Applications.”
This will open up the s”Show Contents” dialog box
Populate the content of the “Show Contents” as shown below.
Click on okay and finally apply the settings and click on okay.
Apply GPUpdate
To ensure the settings apply immediately, run “gpupdate” via the command prompt as shown below.
Note: When you click on notepad++, this will execute correctly, but when you click on other applications outside the permitted apps, you will
Please see how to fix Error 0x800f0823: Wizard.hta Screen stuck during WDS Deployment, and how to install Dynamic Host Configuration Protocol on Windows Server 2019.
I hope you found this article useful on how to permit and run only certain apps in windows. Please feel free to leave a comment below.
