Run only specified windows applications

Configure and allow Windows 10 to run Specified Programs only

In certain situations, you might want to allow others to run only programs you specify on your computer. What you need is the Windows Group Policy Editor (which is available in Professional and above versions of Windows). To open Group Policy Editor, press the Start button, type gpedit.msc, and press Enter.

Run only specified Windows Applications

In the left pane, navigate to User Configuration > Administrative Templates > System.

Now double-click Run only specified Windows Applications.

Select Enabled. To set the allowed applications, click Show under Options.

Now click the empty row next to the star (*) under Value and enter the file name of each application you want to allow. For example, if you want to allow Firefox, enter firefox.exe.

This setting will limit the Windows programs that users have permission to run on the computer. If you enable this setting, users can only run programs that you add to the List of Allowed Applications.

Click OK and you are done. Now the user will only be able to open the programs you specify this way.

Do note that this setting only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt, Cmd.exe, this setting does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer.
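
The check below is an added example, not part of the original article: it reads the policy back from the current user's registry hive and reports whether a command shell is on the allow list, which matters because of the caveat above. It assumes the policy's standard registry backing (the RestrictRun value and subkey under Policies\Explorer); the function name and the -RiskyNames parameter are hypothetical, and powershell.exe is included by analogy with Cmd.exe.

```powershell
# Added example: audit "Run only specified Windows applications" for the
# current user. Function name and -RiskyNames are hypothetical.
function Get-RestrictRunAudit {
    param(
        # Assumed registry backing of the policy (per-user hive).
        [string]$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        # cmd.exe is the shell the policy text warns about;
        # powershell.exe is added by analogy (assumption).
        [string[]]$RiskyNames = @('cmd.exe', 'powershell.exe')
    )

    # The policy is on when the RestrictRun DWORD equals 1.
    $flag = (Get-ItemProperty -Path $PolicyKey -Name RestrictRun -ErrorAction SilentlyContinue).RestrictRun
    $enabled = ($flag -eq 1)

    # Allowed file names are string values under the RestrictRun subkey.
    $allowed = @()
    $listKey = Join-Path $PolicyKey 'RestrictRun'
    if (Test-Path $listKey) {
        $key = Get-Item -Path $listKey
        $allowed = @($key.GetValueNames() |
            Where-Object { $_ } |
            ForEach-Object { [string]$key.GetValue($_) })
    }

    # A shell on the list can start programs that the policy would
    # block when they are launched from Windows Explorer.
    $risky = @($allowed | Where-Object { $RiskyNames -contains $_ })

    if (-not $enabled)             { $finding = 'Policy not enabled for this user' }
    elseif ($allowed.Count -eq 0)  { $finding = 'Policy enabled with an empty allow list' }
    elseif ($risky.Count -gt 0)    { $finding = 'An allowed shell can start unlisted programs' }
    else                           { $finding = 'No shell on the allow list' }

    [pscustomobject]@{
        Enabled       = $enabled
        Allowed       = $allowed
        ShellsAllowed = $risky
        Finding       = $finding
    }
}

Get-RestrictRunAudit | Format-List
```

Run it in the restricted user's session, since the policy is stored per user.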

Incidentally, you might want to check out Windows Program Blocker, a free App or Application blocker software to block software from running on Windows 10/8/7.

Policy editor / run only specified Windows applications / Disable search in tablet mode

I found on the internet that removing the search from the taskbar in tablet mode is not possible.

I want to prevent users opening programs except Edge and IE and added those 2 programs in the policy editor at ‘Run only specified Windows applications’.

Now a user can still open explorer by searching for any program with the search option in tablet mode (which I rely on) and right clicking the program and selecting ‘Open file location’.

This is a totally unwanted situation. How can I disable search completely from tablet mode or prevent opening explorer from the context menu in the search results?

Replies (3) 

Windows Explorer is a primary desktop shell, and removing it altogether will create a lot of side effects that are usually not desirable. However, you can easily disable various features of Windows Explorer using Group Policy or registry keys.

Meanwhile, we suggest that you hide all folders on the user specific section of the Start menu. Using Group Policy under User Configuration\Administrative Templates\Start Menu & Taskbar, look for Remove user’s folders from the start menu. This will hide the Windows Explorer folder on the quick launch bar.


As for disabling the Search feature, follow the steps below to disable this via Windows Services:

  1. Type in services.msc on the search bar and select the top most result.
  2. On the services window, look for Windows Search.
  3. Double click Windows Search to open Properties.
  4. Under General tab, look for Startup type and set it to Disabled.

Let us know if you need further assistance.


I don’t want to remove explorer, the main explorer task must run, but opening a new explorer (file explorer window) should be blocked.

I already have disabled the search service, but that doesn’t prevent the search from the search (looking glass) from the taskbar. That search function can’t be disabled as far as I know when in tablet mode.

I already did hide almost everything for the user with the policy editor and with the policy editor I only allow Edge and IE. With the search (in the taskbar) the user indeed can’t open explorer, it can be found by typing explorer, but clicking on it doesn’t open it. BUT if the user searches for e.g. Powershell (which is also blocked) and the user right-clicks on the name, then a context menu appears with ‘Open file location’ in it. If the user clicks that, then explorer still opens while I blocked explorer with the policy editor.

I think this is a bug. I’ll post it also in the feedback hub, but for now there is no way to block the user from opening explorer unless I disable tablet mode, but tablet mode is necessary in the configuration I want the users to operate in.

I’ll explain what I want and what I already have blocked:

  • A tablet with Windows 10 — done
  • Show only start in full screen without all-programs — done
  • Show only a shortcut on start to a localhost website — done
  • Allow opening links from IE in Edge — done
  • Forbid opening all other programs — half done, this is where the bug is an issue. Removing the search option in the taskbar would help, but can’t.
  • Block all taskbar settings — done
  • Disable settings — done
  • Block everything else — done

Run only specified windows applications

This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.


Question

I currently have a Domain Controller with a policy which Runs only specified Windows applications, this is so we can restrict users from opening unauthorised software.

We would like to install software on the accounts with this security setting enabled however, it blocks the installation .exe. Is it possible to set it up so that it allows any installation media to be run when running as administrator? As it still blocks the installation even when running as an admin.

In the perfect world, we want users to block all software except that on the list except, be able to run files and programs if we run as admin (and enter admin credentials), mainly used when needing to install software.


Thanks in advance,

All replies


Hi, thanks for the response.

1. I’m using the "Run only specified Windows applications" which can be found at "User Configuration > Policies > Administrative Templates > System". Basically, you input what process names you want to allow through (for example spotify.exe) and it blacklists everything else. This means that if I have a new installer, I can’t run it because it’s not part of the run only list.

I’d like a quick and dirty way to bypass this if I need to install software on a machine, on the fly. So ideally I could right click, run as admin, input admin credentials and bypass the blocker so that I can run the installer really quick.

2. As from above, it’s currently a User Configuration policy.

In my opinion, if an application which needs to be installed on the client computer is restricted from running, that is not what we need.
0. Add the applications which need to be run or installed on the client computer to the list of "Run only specified Windows applications".
1. Add the restricted test domain user account to the Power Users group of the local computer.
For example, I set the "Run only specified Windows applications" GPO for test109 and added 7zip as an allowed application. I added test109 to the local computer's Power Users group (test109 is not in the local Administrators group).
After I log on with the test109 domain account and run 7z1085x64.exe to install the application, it needs an administrator account to install the 7zip application.

Run only specified windows applications

Question

I am trying to restrict the applications usage on the client computer. The client computer is not domain joined.

In Local Group Policy editor (gpedit.msc), I modified the policy: on the left pane, click/tap to expand User Configuration, Administrative Templates, and System, then double click/tap on Run only specified Windows applications to edit it.

We added notepad.exe here.

After that, on the client machine, I can open the Notepad application as expected and cannot open other applications, such as Word, PowerPoint and Firefox.

However, I also cannot open CMD. In the policy description, it shows "It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt, Cmd.exe, this setting does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer."

The user I used on the client computer is the local administrator, with access to CMD definitely. So, what is the problem?

If I cannot open CMD, how can I open other applications from CMD as the policy describes?
