In Windows Seven you can specify Windows applications which you would like to have run on your computer. You can also choose “Don’t run specified Windows applications” to prevent certain programs from being used on your computer. In the second screenshot below you can see both choices there.
There are a number of reasons you might want to use this feature as it gives you total control over what programs run on your computer.
- You might have a public computer and you want to restrict what programs people can access and run.
- You might be setting up a homework computer for your child and want to block games from running.
- Your computer might be for a certain purpose, like a work computer, and you only want certain programs to be used.
To change settings and control which software programs can be used on a computer, we will need to access the local group policy.
Please Note: The Local Group Policy Editor is not available in Home versions of Windows 7. There is a way to install the local group policy on your version of Windows though. Please this tutorial to see how to enable group policy in Windows home.
How to “Run Only Specified Windows Applications Using Gpedit.msc
1. In windows Seven, go and click on the Start button in the bottom left corner of the screen.
2. You will see the search box. Type gpedit.msc into the search box and hit Enter on the keyboard.
3. In the left pane, you will see the heading “User Configuration” and under that, “Administrative Templates“. Click on it to expand the menu.
4. Now you will see folder labelled System. Just select this by making it blue and a menu will appear in the right pane.
5. Scroll down until you find “Run only specified Windows applications“. See the screenshot below.
6. Double click on “Run only specified Windows applications” and then click next to enabled to add in more details.
7. Click on the show button to see a list of applications that are allowed to run.
8. You can add in allow programs like word.exe, iexplorer.exe, itunes.exe. When you are finished with the list click OK and then close the editor.
Image credit How to Geek
Don’t run specified Windows applications
On the other hand you can choose not to run certain Windows applications by going through the same process exactly. This is not something to be messed with as enabling both policies can confuse your computer and render it useless. You must be very careful about what you list in these group policies and i really do not recommend using these features unless you are an experienced computer administrator.
If you choose the option to “Don’t run specified Windows Applications” then this will prevent Windows from running the exact programs you specify. So if you have listed programs and enabled this policy then users will not be able to use these programs listed.
Enabling both Don’t run and run specified windows Applications at the same time
This can get confusing and should not be done. If you do enable both policies the users will be allowed to use the programs listed in the Run only allowed Windows applications policy. However if they overlap with the Don’t run specified Windows applications policy and the program is listed there, then they will not be able to use the program.
If you have enabled both and you are having probelms, I would try starting task manager. This group policy setting only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process.
If you can get into cmd.exe you can start the programs from there even if you are not allowed in Windows explorer. Just say you did open task manager, you can choose to start a program by typing something like cmd.exe in.
(WARNING:the following idea is untested as far as I know)
Another thing you can try is to create a batch file with the following code.
secedit /configure /db reset /cfg "c:windowssecuritytemplatessetup security.inf" /overwrite
Open notepad.exe. Hopefully this is not a blocked program. If it is start it in cmd.
Paste the code in and save as a .bat file. Run the batch file and restart your computer.
This tip is from this forum post.