In this guide, I will be demonstrating How to permit and run only certain apps in Windows for selected uses to be able to run only a list of allowed programs. This can be achieved via the group policy and by tweaking the registry settings. Here is a guide on how to block apps from running in Windows. Also, see how to Enable/Disable CTRL + ALT + DEL Secure Login on Windows 11/10, and how to fix your device cannot use a Trusted Platform Module: Allow BitLocker without a compatible TPM.

Permit Certain Apps via the Registry Settings

Launch the registry settings using “regedit.exe” from the search button and accept the UAC.

This will open the Registry Editor. Navigate through the registry hive to the following key as shown below.

HKEY_CURRENT_USER
SOFTWARE
Microsoft
Windows
CurrentVersion, and
Policies

Next, create a new sub-key inside the Policies key. Right-click the Policies key

Select New
Select Key

Name the new key Explorer

Create a value inside the new Explorer key by right-clicking on the Explorer key and selecting New, select DWORD (32-bit) value.

Name the new value RestrictRun

Next, double-click the new “RestrictRun” value (This will open its properties window). Change the value from 0 to 1 in the “Value data” box as shown below.

Finally, click on then click “OK.”

Create a sub-key

Next, you must create a new sub-key in the Explorer key by performing the below.

Right-click on the Explorer key
Select New
Select Key.

Name the new Select Key RestrictRun

In the next steps, we will start populating (adding) the apps we wish to allow. Below are the steps to achieve this.

Create a new string value inside the RestrictRun key. You will do this here for every application you desire to permit (allow).

Right-click on the RestrictRun value, select New and select String-Value.

and Enter the value of 1 as shown below.

Next, double-click and enter the application you want to permit, as shown below

Click on ok, and the key will appear as shown below.

You may want to see how to Prevent the Saving of RDP Credentials in Windows 10, and how to Configure logon hours for users in Active Directory.

Block Further Apps

Repeat “How to permit (run) only certain apps in Windows” as many times as you desire using the number format of “2,” “3,” etc., followed by the executable file names you wish to run as shown above.

When you are done, ensure you restart your device to have the settings applied.

Note: If you do not restart, the settings will not be applied.

To test, this will successfully launch Notepad++ and some UWP applications. But when to try to launch other desktop apps and some Win32 tools, you will be prompted with the following restriction message below.

This can be achieved via Group policy as well. I will be testing with iexplorer++ using group policy.

Block Apps Via Group Policy Object

Launch “group policy and navigate to the following location as shown below. In the Group Policy window navigate through the User Configuration, then the Administrative Templates. Click on System.

On the right pane, double-click on “Run only specified Windows Applications.”