Prevent Users From Running Certain Programs

If you’re a system administrator, you may have problems with your users running programs like iTunes or BitTorrent in your Microsoft Windows environment? If you want to stop such programs from running, here’s how to use Group Policy or the Registry to prevent users from running certain programs.

Option 1 – Apply Group Policy

1. Hold down the Windows Key and press “R” to bring up the Run dialog box.
2. Type “gpedit.msc“, then press “Enter“. The Group Policy Editor appears.
3. Expand “User Configuration” > “Administrative Templates“, then select “System“.
4. Open the policy “Don’t run specified Windows applications“.
   
5. Set the policy to “Enabled“, then select “Show…”
   
6. Add the programs you would like to prevent the user from running to the List of disallowed applications. Use the name of the application launching file such as “itunes.exe“, “bittorent.exe“, etc.
   

 

Option 2 – Apply Via Registry

1. Hold down the Windows Key and press “R” to bring up the Run dialog box.
2. Type “regedit“, then press “Enter“. The Registry Editor appears.
3. Expand the following:
   • HKEY_CURRENT_USER
   • SOFTWARE
   • Microsoft
   • Windows
   • CurrentVersion
   • Policies
   • Explorer
4. Right-click a blank area on the right side and add a new “DWORD (32-bit) Value” named “DisallowRun“.
5. Open “DisallowRun” and give it a Value of “1“.
6. Right-click and add a new “Key“, also named “DisallowRun“. The folder is then created.
   
7. Select the “DisallowRun” folder on the left pane.
8. Right-click a blank area on the right side and add a new “DWORD (32-bit) Value” named “1“.
9. Open “1” and give it a Value with the application you would like to block, like “itunes.exe“.
10. Repeat steps 8 and 9 with any additional applications you wish to block, only increase the number used in the “DWORD (32-bit) Value” each time (2, 3, 4 ,5, etc)

So if I wanted to block two applications, “itunes.exe” and “bittorrent.exe“, my Registry Editor would look like this…

 

From now on the user will get a message “This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.” when he tries to run the programs you added.

I should mention that if the user is smart enough to rename the program file, they will be able to run the program again.

If this tutorial does not meet your needs, you might be able to use Applocker for your needs. Using Applocker allows you to deny access to applications based on publisher, path, or file hash. See more info about Applocker at Microsoft Technet.