Configure and allow Windows to run Specified Programs only

In certain situations, you might want to allow others to run only programs you specify on your computer. What you need is the Windows Group Policy Editor (which is available in Professional and above versions of Windows). To open Group Policy Editor, press the Start button, type gpedit.msc and press Enter.

Run only specified Windows Applications

Explore down to User Configuration > Administrative Templates > System in the left pane.


Now double click Run only specified Windows Applications.


From the check box, select Enabled. To set the allowed applications, click Show from under Options.


Now click  right next to the star (*) under Value and enter the name of the applications which you want to run. For example if you want to run Firefox, enter firefox.exe.


This setting will limit the Windows programs that users have permission to run on the computer. If you enable this setting, users can only run programs that you add to the List of Allowed Applications.

Click OK and you are done. Now the user will only be able to open the programs you specify this way.

Do note that this setting only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt, Cmd.exe, this setting does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer.

Incidentally you might wand to check out Windows Program Blocker, a free App or Application blocker software to block software from running on Windows 8 | 7.

How to prevent users from installing programs in Windows 7  and how to prevent Anyone from Uninstalling Metro Applications in Windows 8  may also interest you.

Posted by on , in Category Windows with Tags
Currently pursuing Bachelors in Electronics, the author Nithin Ramesh is a technology blogger. Apart from technology his other interests include cricket and rock music.


  1. that’s quite a good trick to use to annoy some limited users. reminds me of one trick,but using secpol.msc to disable some application ( or file path ) from running, it was used mainly to disable avira notifier , but i used it more with some annoying viruses, btw, i almost forgot, here’s its link

    btw, nice trick, thanks for sharing it 😀

  2. Vasu


    I installed GPEDIT.MSC
    how to disable the same feature now?? when i am typing gpedit.msc into the run box it is showing above mentioned restricted message box..

    Highly Urgent.. please


  3. Aidser.

    Yeah, this actually made me lock up my own account, so the guy who will come to visit while I’m not home will be off without a computer at all for 4 days.. fun

  4. John

    Can you do the same with command line ?

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + 5 =