In windows seven you can choose to Run Only Specified Windows Applications or Don’t Run Specified Windows Applications by editing the local group policy or gpedit.msc. When you choose to enable the option to Run Only Specified Windows Applications in the group policy editor, this obviously changes the registry settings for you.

In this article I will show you how to make this registry edit yourself without editing the local group policy.  We are going to create a RestrictRun Dword entry to enable application restrictions.

First we will need to enter the Windows registry.

1. Go to the start menu and in the search area type in regedit. See the screenshot below.

Now you will see the Windows registry.

Create a new DWORD value: RestrictRun

1. Open your registry as shown above and find the key HKEY_CURRENT_USER. Click on this.
2. Then find the software folder. Press on the plus sign next to this to see this folder expand.
3. Next expand Microsoft, then Windows, then Current version.
4. In this folder choose Policies, then Explorer.

At this point if you have already created restrictions for applications then you will see a Dword entry on the right called RestrictRun. If you do not have one created simply right click in the blank space, choose new, then choose Dword as shown below.

SoftwareMicrosoftWindowsCurrentVersion PoliciesExplorer]

5. Create a new DWORD value and name it “RestrictRun” set the value to “1” to enable application restrictions or “0” to allow all applications to run.

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurre ntVersionPoliciesExplorer]
“RestrictRun”=dword:00000001

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurre ntVersionPoliciesExplorer]
“RestrictRun”=dword:00000000

6. Next (before you logoff/on)..You have to create a subkey named RestrictRun under the Explorer subkey. Then you create your values and value data under the RestrictRun subkey.

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurre ntVersionPoliciesExplorerRestrictRun]
“1”=”setup.exe”
“2”=”regedit.exe”

*Make sure to include “regedit.exe” because the restrictrun tweak also disables the merge function for .reg files and other file functions… such as .inf, .bat, .com etc… files. If you do not include regedit.exe then you will not be able to access the registry to edit this setting again!

7. Restart Windows for the changes to take effect.

Restrict users from running specific Windows programs by editing the registry

These are instructions from Microsoft.

1. Click Start, and then click Run.
2. In the Open box, type regedit, and then click OK.
3. Create a DWORD value named DisallowRun. To do so:
   1. Locate and then click the following registry key:
      HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion PoliciesExplorer
   2. On the Edit menu, point to New, and then click DWORD Value.
   3. Type disallowrun, and then press ENTER.
   4. Double-click the DisallowRun value that you created in the previous step.
   5. Type 1 in the Value data box, and then click OK.
4. Create a new HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion PoliciesExplorerDisallowRun subkey. To do so:
   1. Right-click the following registry key, point to New, and then click Key:
      HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion PoliciesExplorer
   2. Type disallowrun, and then press ENTER.
5. For each program that you want to prevent users from running, create a new string value in the DisallowRunsubkey that you created in step 4. Use consecutive numbers to name the string values (starting with 1), and use the executable file name for the program as the data for the string value.For example, if you want to restrict users from running Microsoft Internet Explorer:
   1. Right-click the following registry key, point to New, and then click String Value:
      HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion PoliciesExplorerDisallowRun
   2. Type 1, and then press ENTER.
   3. Double-click the 1 value that you created in the previous step.
   4. Type iexplore.exe in the Value data box, and then click OK.
6. Quit Registry Editor, and then restart the computer.

Source: http://support.microsoft.com/kb/323525