Jump to content

How to Block (or Allow) Certain Applications for Users in Windows


Batu69

Recommended Posts

650x290xbra_top-1-650x290.png.pagespeed.

 

If you’d like to limit what apps a user can run on a PC, Windows gives you two options. You can block the apps you don’t want a user to run, or you can restrict them to running only specific apps. Here’s how to do it.

 

NOTE: Be absolutely sure that you are making changes to a user account you actually want to restrict, and that you always have an unrestricted administrative account available to undo those changes. This is especially true if you are restricting users to a specific set of apps, as those users will lose access even to tools like Registry Editor and Local Group Policy Editor.

If you do accidentally apply restrictions to your administrative account, the only way we’ve found to reverse the changes is to run System Restore by going to Settings > Update & Security > Recovery and clicking the “Restart now” button under Advanced Startup. From there, you can find the setting for running System Restore after a restart, since you won’t be able to run System Restore the normal way. For this reason, we also highly recommend creating a restore point before making any of the changes here.

 

Home Users: Block or Restrict Apps by Editing the Registry

To block or restrict apps in the Home edition of Windows, you’ll need to dive into the Windows Registry to make some edits. The trick here is that you’ll want to log on as the user you want to make changes for, and then edit the Registry while logged onto their account. If you have multiple users for which you want to changes for, you’ll have to repeat the process for each user.

 

Standard warning: Registry Editor is a powerful tool and misusing it can render your system unstable or even inoperable. This is a pretty simple hack and as long as you stick to the instructions, you shouldn’t have any problems. That said, if you’ve never worked with it before, consider reading about how to use the Registry Editor before you get started. And definitely back up the Registry (and your computer!) before making changes.

 

Block Certain Apps Through the Registry

First, you’ll need to log on to Windows using the user account for which you want to block apps. Open the Registry Editor by hitting Start and typing “regedit.” Press Enter to open Registry Editor and give it permission to make changes to your PC.

 

bra_1

 

In the Registry Editor, use the left sidebar to navigate to the following key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies

bra_2

 

Next, you’re going to create a new subkey inside the Policies key. Right-click the Policies key, choose New > Key, and then name the new key Explorer .

 

bra_3

 

Next you’re going to create a value inside the new Explorer key. Right-click the Explorer key and choose New > DWORD (32-bit) value. Name the new value DisallowRun .

 

bra_4

 

Double-click the new DisallowRun value to open its properties dialog. Change the value from 0 to 1 in the “Value data” box and then click “OK.”

 

bra_5

 

Back in the main Registry Editor window, you’re now going to create a new subkey inside the Explorer key. Right-click the Explorer key and choose New > Key. Name the new key DisallowRun , just like the value you already created.

 

bra_6

 

Now, it’s time to start adding apps you want to block. You’ll do this by creating a new string value inside the DisallowRun key for each app you want to block. Right-click the DisallowRun value and then choose New > String Value. You’ll be naming these values with simple numbers, so name the first value you create “1.”

 

bra_7

 

Double-click the new value to open its property dialog, type the name of the executable you want to block into the “Value data” box (e.g., notepad.exe ), and then click “OK.”

 

bra_8

 

Repeat this process, naming the second string value “2” and the third “3” and so on, and then adding the executable file names you want to block to each value.

 

bra_9

 

When you’re done, you can restart Windows, log onto that user account, and then test things by trying to run one of those apps. You should see a “Restrictions” window pop-up letting you know that you can’t run the app.

 

bra_10

 

You’ll need to repeat this process for each user account for which you need to block apps. Though, if you’re blocking the same apps for multiple user accounts, you could always create your own Registry hack by exporting the DisallowRun key after you’ve configured the first user account and then importing it after logging onto to each subsequent account.

 

If you want to edit the list of blocked apps, just return to the DisallowRun key and make the changes you want. If you want to restore access to all apps, you can either delete the wholeExplorer key you created–along with DisallowRun  subkey and all the values. Or you could just go back and change the value of the DisallowRun value you created from 1 back to 0, effectively turning off app blocking while leaving the list of apps in place should you want to turn it on again in the future.

Block Only Certain Apps Through the Registry

Restricting users to running only certain apps in the Registry follows almost exactly the same procedure as blocking specific apps. You’ll again need to log on to Windows using user account you want to change. Fire up Registry Editor and then head to the following key:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies

Right-click the Policies key, choose New > Key, and then name the new key Explorer .

 

bra_3

 

Next you’re going to create a value inside the new Explorer key. Right-click the Explorer key and choose New > DWORD (32-bit) value. Name the new value RestrictRun .

 

bra_11

 

Double-click the new RestrictRun value to open its properties dialog. Change the value from 0 to 1 in the “Value data” box and then click “OK.”

 

bra_12

 

Back in the main Registry Editor window, you’re now going to create a new subkey inside the Explorer key. Right-click the Explorer key and choose New > Key. Name the new key RestrictRun , just like the value you already created.

 

bra_13

 

Now, you’ll add apps to which the user is allowed access. Create a new string value inside the RestrictRun key for each app you want to block. Right-click the RestrictRun value and then choose New > String Value. You’ll be naming these values with simple numbers, so name the first value you create “1.”

 

bra_14

 

Double-click the new value to open its property dialog, type the name of the executable you want to block into the “Value data” box (e.g., notepad.exe ), and then click “OK.”

 

bra_8

 

Repeat this process, naming the values “2,” “3,” and so on, and then adding the executable file names you want the user to be able to run to each value.

 

bra_15

 

When you’re done, restart Windows, log into that user account again, and test your settings. You should only be able to run apps to which you explicitly allowed access. You’ll need to repeat the process with each user account for which you want to restrict apps or create your own Registry hack you can use to apply settings to each user more quickly.

 

To reverse your changes, you can delete the Explorer key you created (along with the RestrictRun subkey and all values) or you can set that RestrictRun value you created back to 0, turning off restricted access.

Pro and Enterprise Users: Block or Restrict Apps with the Local Group Policy Editor

If you use the Pro or Enterprise version of Windows, blocking or restricting apps can be a little easier because you can use the Local Group Policy Editor to do the job. One big advantage is that you can apply policy settings to other users–or even groups of users–without having to log in as each user to make the changes the way you do when making these changes with Registry Editor.

 

The caveat here is that you’ll need to do a little extra setup by first creating a policy object for those users. You can read all about that in our guide to applying local Group Policy tweaks to specific users. You should also be aware that group policy is a pretty powerful tool, so it’s worth taking some time to learn what it can do.

 

Also, if you’re on a company network, do everyone a favor and check with your admin first. If your work computer is part of a domain, it’s also likely that it’s part of a domain group policy that will supersede the local group policy, anyway.

 

The process for allowing or restricting apps with the Local Group Policy Editor is almost identical, so we’re going to show you how to restrict users to only running certain apps here and just point out the differences. Start by finding the MSC file you created for controlling policies for those particular users. Double-click to open it and allow it to make changes to your PC. In this example, we’re using one we created for applying policy to all non-administrative user accounts.

 

In the Group Policy window for those users, on the left-hand side, drill down to User Configuration > Administrative Templates > System. On the right, find the “Run only specified Windows applications” setting and double-click it to open its properties dialog. If you want to block specific applications rather than restricting them, you would open the “Don’t run specified Windows applications” setting instead.

 

bra_16

 

In the properties window that opens, click the “Enabled” option and then click the “Show” button.

 

bra_17

 

In the “Show Contents” window, click each line in the list and type the name of the excecutable you want users to be able to run (or the name of apps you want to block if that’s what you’re doing instead). When you’re done building your list, click “OK.”

 

bra_18

 

You can now exit the Local Group Policy window. To test your changes, sign in with one of the affected user accounts and try to launch an app to which the user should not have access. Instead of launching the app, you should see an error message.

 

bra_10

 

If you want to disable your changes, just head back into the Local Group Policy editor by double-clicking your MSC file again. This time, change the “Run only specified Windows applications” or “Don’t run specified Windows applications” options to “Disabled” or “Not Configured.” This will turn the setting off entirely. It will also reset your list of apps, so if you want to turn it on again, you’ll need to retype that list.

 

Credit to

Link to comment
Share on other sites


  • Replies 10
  • Views 1.9k
  • Created
  • Last Reply

Do you know how to add password to the program?

I want to add password to firefox, so other user can't access it if don't know the password.

Link to comment
Share on other sites


13 hours ago, exodius said:

Do you know how to add password to the program?

I want to add password to firefox, so other user can't access it if don't know the password.

 

Free solution

http://www.thewindowsclub.com/password-protect-restrict-access-installed-programs-appadmin

 

Link to comment
Share on other sites


@exodius

 

If you relay what to be sure that no one is able to use your Firefox why you don't put a portable Firefox into a Veracrypt container?

Link to comment
Share on other sites


3 hours ago, Togijak said:

@exodius

 

If you relay what to be sure that no one is able to use your Firefox why you don't put a portable Firefox into a Veracrypt container?

 

Firefox portable can't synch to my account. :(

Link to comment
Share on other sites


wallofasgard

thanks for sharing this info.but for some newbie like me,straycat19's suggestion is likely more easy to do than editing group policy to enable/block certain application.Found out that version 1.1.0 is freeware.:) though i still want to try the latest version if i could find any med out there.

Link to comment
Share on other sites


36 minutes ago, wallofasgard said:

thanks for sharing this info.but for some newbie like me,straycat19's suggestion is likely more easy to do than editing group policy to enable/block certain application.Found out that version 1.1.0 is freeware.:) though i still want to try the latest version if i could find any med out there.

 

 

Take a look to this program too : AskAdmin 1.4

 

http://www.sordum.org/7941/askadmin-v1-4/

 

ask_admin_drag_and_drop.png

 

Great stuff there also.....

Link to comment
Share on other sites


4 hours ago, exodius said:

 

Firefox portable can't synch to my account. :(

pu58LqR.gifplease explain me why you use sync | on one point you want to be secure and on a other point you give information about you to someone else 

 

I sync the Firefox profile folder with Beyond Compare

Link to comment
Share on other sites


18 hours ago, Togijak said:

pu58LqR.gifplease explain me why you use sync | on one point you want to be secure and on a other point you give information about you to someone else 

 

I sync the Firefox profile folder with Beyond Compare

 

Bro, i synch my bookmark on home pc to FF portable on office. But it won't synched.

Link to comment
Share on other sites


I don't know where is the problem, here the bookmarks sync works if I do it on this way

 

p3KQtc6.png

 

The right site was a new and empty portable Firefox. Not sure everything is OK (there are some different portable versions outside with nonidentical structure) but bookmarks are present. Can't say anything about passwords (don't store it in Firefox). If this is no help google for a Firefox forum, I only have a german Firefox forum (I think this wont help you) and ask how to sync installed to portable FF

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...