In this guide, I will be demonstrating how to permit users on the computer to be able to run only a list of allowed programs. This can be achieved via the group policy and by tweaking the registry settings.
These steps are similar to how to block apps from running in windows. https://techdirectarchive.com/2020/03/14/how-to-block-apps-from-running-in-windows/
Via the Registry Settings: Launch the registry settings using “regedit.exe” from the search button and accept the UAC.
This will open the Registry Editor. Navigate through the registry hive to the following key as shown below.
– HKEY_CURRENT_USER
– SOFTWARE
– Microsoft
– Windows
– CurrentVersion
– Policies
Next, create a new sub-key inside the Policies key.
– Right-click the Policies key,
– Select New
– Select Key
– Name the new key Explorer
Next, create a value inside the new Explorer key by right-clicking on the Explorer key and
– Select New
– Select DWORD (32-bit) value
– Name the new value RestrictRun
Next, double click the new “RestrictRun” value (This will open its properties window)
– Change the value from 0 to 1 in the “Value data” box as shown below.
– Finally, click on then click “OK.”
How to permit (run) only certain apps in windows
Next, you must create a new sub-key in the Explorer key by performing the following below.
– Right-click on the Explorer key
– Select New
– Select Key.
– Name the new key RestrictRun
In the next steps, we will start populating (adding) the apps we wish to allow. Below are the steps to achieve this.
– Create a new string value inside the RestrictRun key. You will do this here for every application you desire to permit (allow).
– Right-click on the RestrictRun value
– Select New
– Select String-Value.
and Enter the value of 1 as shown below.
Next, double-click and enter the application you want to permit, as shown below
Click on ok, and the key will appear as shown below.
Repeat “How to permit (run) only certain apps in windows” as many times as you desire using the number format of “2,” “3,” etc., followed by the executable file names you you wish to run as shown above.
When you are done, ensure you restart your device to have the settings applied.
– Note: If you do not restart, the settings will not be applied.
To test, this will successfully launch Notepad++ and some UWP applications. But when to try to launch other desktop apps and some Win32 tools, you will be prompted with the following restriction message below.
This can be achieved via Group policy as well. I will be testing with iexplorer++ using group policy.
Via Group Policy Object: Launch “group policy and navigate to the following location as shown below.
In the Group Policy window navigate through the
– User Configuration
– Administrative Templates
– Click on System.
On the right pane,
– Double click on “Run only specified Windows Applications.”
This will open up the s”Show Contents” dialog box
Populate the content of the “Show Contents” as shown below.
Click on okay and
– Finally apply the settings and click on okay.
To ensure the settings applies immediately, run “gpupdate” via the command prompt as shown below.
Note: When you click on notepad++, this will execute correctly, but when you click on other applications outside the permitted apps, you will
For how to block an app from running in windows, see the following link https://techdirectarchive.com/2020/03/14/how-to-block-apps-from-running-in-windows/