Windows 7 - Applications - Prevent Running Specified Programs

   Information

This will show you how to prevent all users, or specific users and groups, on the computer from being able to run a list of disallowed program EXE files that you specify.

You must be logged in as an administrator to be able to do this tutorial.

   Warning

This will not prevent users from being able to run a program through the command prompt unless you also prevent cmd.exe from being able to run.

1. Open the all users, specific users or groups, or all users except administrators Local Group Policy Editor for how you want this policy applied.

2. In the left pane, click on to expand User Configuration, Administrative Templates, and System. (See screenshot below)

3. In the right pane, right click on Don't run specified Windows applications and click on Edit. (See screenshot above)

4. To Allow All Applications to Run (Default)

A) Select (dot) either Not Configured or Disabled. (see screenshot below)

B) Go to step 6.

5. To Prevent Specified Applications from Running

A) Select (dot) Enabled, then click on the Show button under Options. (see screenshot above)

B) Under Value, double click in a blank line and type in the name of the EXE file (ex: cmd.exe) with file extension that you want to prevent from running. (see screenshots below)

   Tip

• To change or remove a listed exe file name, you can just type over it.
• To clear or reset the list of disallowed applications, you can select Not Configured (step 4) and click on Apply, then select Enabled again and click on Apply.

C) Repeat step 5B until you have added any other EXE files (ex: CCleaner) you want on the list of disallowed applications as well. When finished, click on OK. (see screenshots above)

6. Click on OK. (see screenshot below step 4A)

7. Close the Local Group Policy Editor window.

1. Open the Start Menu, then type regedit in the search box and press enter.

2. If prompted by UAC, click on Yes.

3. In regedit, navigate to the location below. (see screenshot below)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

4. To Prevent Specified Applications from Running

A) In the right pane of Explorer, right click on a empty space and click on New and DWORD (32-bit) Value. (see screenshot below)

B) Type in DisallowRun and press Enter. Right click on DisallowRun and click on Modify. (see screenshot below)

C) Type in 1 and click on OK. (see screenshot below)

D) In the left pane, right click on Explorer and click on New and Key. Type in DisallowRun and press Enter. (see screenshot below)

E) In the right pane of DisallowRun, right click on a empty space and click on New and String Value. (see screenshot below)

F) Type in the number (1 to ....) of the order that this EXE file will be in the list of disallowed applications and press Enter. Right click on this number and click on Modify. (see screenshot below)
NOTE: For example, you would type 1 if this is the first EXE in the list, 2 if it's the second, 3 for the third, etc........

G) Type in the name of the EXE file (ex: cmd.exe) with file extension that you want to prevent from running and click on OK. (see screenshot below)

   Tip

• To change a listed EXE file name, right click on the number of the EXE, click on Modify (step 4F), type the new EXE name, and click on OK.
• To remove a listed EXE file name, right click on the number of the EXE, then click on Delete and Yes.

H) Repeat steps 4F and 4G until you have added any other EXE files (ex: #2 CCleaner) you want on the list of disallowed applications as well.

I) When finished, go to step 6.

5. To Allow All Applications to Run (Default)

A) In the right pane of Explorer, right click on DisallowRun and click on Delete. (see screenshot below)

B) Click on Yes to approve. (see screenshot below)

C) In the left pane, right click on DisallowRun and click on Delete. (see screenshot below)

D) Click on Yes to approve. (see screenshot below)

6. Close regedit.

7. Log off and log on, or restart the computer to apply.