Batu69 Posted October 6, 2016 Share Posted October 6, 2016 If you’d like to limit what apps a user can run on a PC, Windows gives you two options. You can block the apps you don’t want a user to run, or you can restrict them to running only specific apps. Here’s how to do it. NOTE: Be absolutely sure that you are making changes to a user account you actually want to restrict, and that you always have an unrestricted administrative account available to undo those changes. This is especially true if you are restricting users to a specific set of apps, as those users will lose access even to tools like Registry Editor and Local Group Policy Editor. If you do accidentally apply restrictions to your administrative account, the only way we’ve found to reverse the changes is to run System Restore by going to Settings > Update & Security > Recovery and clicking the “Restart now” button under Advanced Startup. From there, you can find the setting for running System Restore after a restart, since you won’t be able to run System Restore the normal way. For this reason, we also highly recommend creating a restore point before making any of the changes here. Home Users: Block or Restrict Apps by Editing the Registry To block or restrict apps in the Home edition of Windows, you’ll need to dive into the Windows Registry to make some edits. The trick here is that you’ll want to log on as the user you want to make changes for, and then edit the Registry while logged onto their account. If you have multiple users for which you want to changes for, you’ll have to repeat the process for each user. Standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems. That said, if you’ve never worked with it before, consider reading about how to use the Registry Editor before you get started. And definitely back up the Registry (and your computer!) before making changes. Block Certain Apps Through the Registry First, you’ll need to log on to Windows using the user account for which you want to block apps. Open the Registry Editor by hitting Start and typing “regedit.” Press Enter to open Registry Editor and give it permission to make changes to your PC. In the Registry Editor, use the left sidebar to navigate to the following key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies Next, you’re going to create a new subkey inside the Policies key. Right-click the Policies key, choose New > Key, and then name the new key Explorer . Next you’re going to create a value inside the new Explorer key. Right-click the Explorer key and choose New > DWORD (32-bit) value. Name the new value DisallowRun . Double-click the new DisallowRun value to open its properties dialog. Change the value from 0 to 1 in the “Value data” box and then click “OK.” Back in the main Registry Editor window, you’re now going to create a new subkey inside the Explorer key. Right-click the Explorer key and choose New > Key. Name the new key DisallowRun , just like the value you already created. Now, it’s time to start adding apps you want to block. You’ll do this by creating a new string value inside the DisallowRun key for each app you want to block. Right-click the DisallowRun value and then choose New > String Value. You’ll be naming these values with simple numbers, so name the first value you create “1.” Double-click the new value to open its property dialog, type the name of the executable you want to block into the “Value data” box (e.g., notepad.exe ), and then click “OK.” Repeat this process, naming the second string value “2” and the third “3” and so on, and then adding the executable file names you want to block to each value. When you’re done, you can restart Windows, log onto that user account, and then test things by trying to run one of those apps. You should see a “Restrictions” window pop-up letting you know that you can’t run the app. You’ll need to repeat this process for each user account for which you need to block apps. Though, if you’re blocking the same apps for multiple user accounts, you could always create your own Registry hack by exporting the DisallowRun key after you’ve configured the first user account and then importing it after logging onto to each subsequent account. If you want to edit the list of blocked apps, just return to the DisallowRun key and make the changes you want. If you want to restore access to all apps, you can either delete the wholeExplorer key you created–along with DisallowRun subkey and all the values. Or you could just go back and change the value of the DisallowRun value you created from 1 back to 0, effectively turning off app blocking while leaving the list of apps in place should you want to turn it on again in the future. Block Only Certain Apps Through the Registry Restricting users to running only certain apps in the Registry follows almost exactly the same procedure as blocking specific apps. You’ll again need to log on to Windows using user account you want to change. Fire up Registry Editor and then head to the following key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies Right-click the Policies key, choose New > Key, and then name the new key Explorer . Next you’re going to create a value inside the new Explorer key. Right-click the Explorer key and choose New > DWORD (32-bit) value. Name the new value RestrictRun . Double-click the new RestrictRun value to open its properties dialog. Change the value from 0 to 1 in the “Value data” box and then click “OK.” Back in the main Registry Editor window, you’re now going to create a new subkey inside the Explorer key. Right-click the Explorer key and choose New > Key. Name the new key RestrictRun , just like the value you already created. Now, you’ll add apps to which the user is allowed access. Create a new string value inside the RestrictRun key for each app you want to block. Right-click the RestrictRun value and then choose New > String Value. You’ll be naming these values with simple numbers, so name the first value you create “1.” Double-click the new value to open its property dialog, type the name of the executable you want to block into the “Value data” box (e.g., notepad.exe ), and then click “OK.” Repeat this process, naming the values “2,” “3,” and so on, and then adding the executable file names you want the user to be able to run to each value. When you’re done, restart Windows, log into that user account again, and test your settings. You should only be able to run apps to which you explicitly allowed access. You’ll need to repeat the process with each user account for which you want to restrict apps or create your own Registry hack you can use to apply settings to each user more quickly. To reverse your changes, you can delete the Explorer key you created (along with the RestrictRun subkey and all values) or you can set that RestrictRun value you created back to 0, turning off restricted access. Pro and Enterprise Users: Block or Restrict Apps with the Local Group Policy Editor If you use the Pro or Enterprise version of Windows, blocking or restricting apps can be a little easier because you can use the Local Group Policy Editor to do the job. One big advantage is that you can apply policy settings to other users–or even groups of users–without having to log in as each user to make the changes the way you do when making these changes with Registry Editor. The caveat here is that you’ll need to do a little extra setup by first creating a policy object for those users. You can read all about that in our guide to applying local Group Policy tweaks to specific users. You should also be aware that group policy is a pretty powerful tool, so it’s worth taking some time to learn what it can do. Also, if you’re on a company network, do everyone a favor and check with your admin first. If your work computer is part of a domain, it’s also likely that it’s part of a domain group policy that will supersede the local group policy, anyway. The process for allowing or restricting apps with the Local Group Policy Editor is almost identical, so we’re going to show you how to restrict users to only running certain apps here and just point out the differences. Start by finding the MSC file you created for controlling policies for those particular users. Double-click to open it and allow it to make changes to your PC. In this example, we’re using one we created for applying policy to all non-administrative user accounts. In the Group Policy window for those users, on the left-hand side, drill down to User Configuration > Administrative Templates > System. On the right, find the “Run only specified Windows applications” setting and double-click it to open its properties dialog. If you want to block specific applications rather than restricting them, you would open the “Don’t run specified Windows applications” setting instead. In the properties window that opens, click the “Enabled” option and then click the “Show” button. In the “Show Contents” window, click each line in the list and type the name of the excecutable you want users to be able to run (or the name of apps you want to block if that’s what you’re doing instead). When you’re done building your list, click “OK.” You can now exit the Local Group Policy window. To test your changes, sign in with one of the affected user accounts and try to launch an app to which the user should not have access. Instead of launching the app, you should see an error message. If you want to disable your changes, just head back into the Local Group Policy editor by double-clicking your MSC file again. This time, change the “Run only specified Windows applications” or “Don’t run specified Windows applications” options to “Disabled” or “Not Configured.” This will turn the setting off entirely. It will also reset your list of apps, so if you want to turn it on again, you’ll need to retype that list. Credit to Link to comment Share on other sites More sharing options...
exodius Posted October 6, 2016 Share Posted October 6, 2016 Do you know how to add password to the program? I want to add password to firefox, so other user can't access it if don't know the password. Link to comment Share on other sites More sharing options...
straycat19 Posted October 7, 2016 Share Posted October 7, 2016 13 hours ago, exodius said: Do you know how to add password to the program? I want to add password to firefox, so other user can't access it if don't know the password. Free solution http://www.thewindowsclub.com/password-protect-restrict-access-installed-programs-appadmin Link to comment Share on other sites More sharing options...
Togijak Posted October 7, 2016 Share Posted October 7, 2016 @exodius If you relay what to be sure that no one is able to use your Firefox why you don't put a portable Firefox into a Veracrypt container? Link to comment Share on other sites More sharing options...
exodius Posted October 7, 2016 Share Posted October 7, 2016 3 hours ago, Togijak said: @exodius If you relay what to be sure that no one is able to use your Firefox why you don't put a portable Firefox into a Veracrypt container? Firefox portable can't synch to my account. Link to comment Share on other sites More sharing options...
wallofasgard Posted October 7, 2016 Share Posted October 7, 2016 thanks for sharing this info.but for some newbie like me,straycat19's suggestion is likely more easy to do than editing group policy to enable/block certain application.Found out that version 1.1.0 is freeware. though i still want to try the latest version if i could find any med out there. Link to comment Share on other sites More sharing options...
Jordan Posted October 7, 2016 Share Posted October 7, 2016 36 minutes ago, wallofasgard said: thanks for sharing this info.but for some newbie like me,straycat19's suggestion is likely more easy to do than editing group policy to enable/block certain application.Found out that version 1.1.0 is freeware. though i still want to try the latest version if i could find any med out there. Take a look to this program too : AskAdmin 1.4 http://www.sordum.org/7941/askadmin-v1-4/ Great stuff there also..... Link to comment Share on other sites More sharing options...
Togijak Posted October 7, 2016 Share Posted October 7, 2016 4 hours ago, exodius said: Firefox portable can't synch to my account. please explain me why you use sync | on one point you want to be secure and on a other point you give information about you to someone else I sync the Firefox profile folder with Beyond Compare Link to comment Share on other sites More sharing options...
exodius Posted October 8, 2016 Share Posted October 8, 2016 18 hours ago, Togijak said: please explain me why you use sync | on one point you want to be secure and on a other point you give information about you to someone else I sync the Firefox profile folder with Beyond Compare Bro, i synch my bookmark on home pc to FF portable on office. But it won't synched. Link to comment Share on other sites More sharing options...
Togijak Posted October 8, 2016 Share Posted October 8, 2016 I don't know where is the problem, here the bookmarks sync works if I do it on this way The right site was a new and empty portable Firefox. Not sure everything is OK (there are some different portable versions outside with nonidentical structure) but bookmarks are present. Can't say anything about passwords (don't store it in Firefox). If this is no help google for a Firefox forum, I only have a german Firefox forum (I think this wont help you) and ask how to sync installed to portable FF Link to comment Share on other sites More sharing options...
AppleGeek Posted October 9, 2016 Share Posted October 9, 2016 So much easier by just using windows firewall, though! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.