+3 votes
314 views
Restrict or block use of specific programs in Windows 10 GPO or Registry

in Security by (552k points)
reopened | 314 views

1 Answer

+4 votes
Best answer

1. Restrict the use of programs in Windows 10 using the Registry Editor
2. Restrict the use of programs in Windows 10 using the GPO Editor

Security must always be one of the main reasons to be managed regardless of the type of user we are (home or company) since any failure or vulnerability will put at risk not only that information but many other general aspects of the system itself, such as configuration or services. There are several techniques or tasks that put security at risk in Windows 10 and one of the most common is the installation and execution of applications since these may contain malicious code that will affect many system parameters..

In addition, the execution of certain applications can be a productivity problem, especially in corporate environments, since many users can run applications that affect their performance. As administrators we must take the necessary measures so that these users do not run these applications during a work schedule.

No third-party software or large configurations are required in the firewall rules since TechnoWikis will explain in a simple and practical way how to restrict the use of applications or programs in Windows 10..


1. Restrict the use of programs in Windows 10 using the Registry Editor


The Windows 10 registry editor is a central point from which we have the opportunity to apply changes in various system functions both at the general level and at the user level. Before executing this process it is recommended to create a restoration point in case any configuration can go wrong and thus have the possibility of recovering the normal operation of the system.
Step 1

To access the Registry Editor we will use the following key combination and execute the regedit command:

+ R

image

Step 2

In the editor window we will go to the following route:
 HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer 
image
Note
In case the Explorer key is not available, we must right click on "Policies" and there select the option "New / Password" and assign the name "Explorer".
Step 2

Now we will right click somewhere in the Explorer key and select the option "New / Value of DWORD (32 bits)": image
Step 3

This DWORD value will be called "DisallowRun": image
Step 4

Now we double click on this value, or right click / Modify, and in the field "Value information" enter the number 1. Click OK to save the changes.

image

Step 5

The next step will be to right click on the "Policies" key and there select the "New / Password" route: image
Step 6

This new key will be called "DisallowRun": image
Step 7

Now we will right click on the DisallowRun key and select the "New / String Value" option: image
Step 8

This new value will be called 1: image
Step 9

There we double click on this string value and in the "Value information" field we will enter the name of the executable to block:

image

Step 10

We click on OK to save the changes and when we want to execute this application, we will see the following message. If we want to block more applications, we must create string values ​​in consecutive order (2, 3, 4, etc)

image


2. Restrict the use of programs in Windows 10 using the GPO Editor


Group policies are other options that we have to manage numerous parameters of both the operating system and its users.
Step 1

To access this editor, we will use the following keys and execute the following command:

+ R

 gpedit.msc 
Note
This option only applies to Windows 10 Pro and Enterprise editions.

image

Step 2

Click OK and in the displayed window we go to the following route:
  • User configuration
  • Administrative Templates
  • All values
Step 3

In the central console we locate the policy called "Run only specified Windows applications": image
Step 4

We double-click on it and in the pop-up window we activate the "Enable" box:

image

Step 5

The "Show" button is activated, which we will press and in the respective field we will enter the name of the executable to block. Click OK and then click Apply and Accept to save the changes. This process will block this application for all users of the system,

image

Step 6

If we want to block a program for a single user it will be necessary to add the Group Policy Object Editor plugin to the Microsoft Management Console. To achieve this we will use the following keys and execute the mmc command:

+ R

 mmc 

image

Step 7

Press Enter and in the expanded window we will go to the menu "File / Add or remove add-ons" or we can use the following keys:

+ M Ctrl + M

image
Step 8

In the displayed window, select "Group Policy Object Editor":

image

Step 9

We click on "Add" and the following window will be displayed:

image

Step 10

We click on the "Browse" button and in the pop-up window we go to the "Users" tab and there we select the user in which the application will be blocked:

image

Step 11

Click on OK and we will see the following. There we see the route of that user, we click on the "Finish" button to complete the process.

image

Step 12

Now it will be possible from there to configure the policies only for that particular user: image
Step 13

If we want to save this template for future changes, we will go to the File / Save as menu and store this template in the default path with the extension .msc:

image

As simple as that, we can block a program especially in Windows 10 without using any third-party application and with the best efficiency and security features.


by (3.5m points)
edited

Related questions

+4 votes
1 answer
+3 votes
1 answer
+3 votes
1 answer
+5 votes
1 answer
+3 votes
1 answer
asked Oct 3, 2019 in Windows 10 by backtothefuture (552k points) | 255 views
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users