As a system administrator, you may have encountered users abusing various types of applications on network computers, which could harm your system. If you're looking for a way to block apps or files, there are several options you can do.
Step
Method 1 of 3: Using the Group Policy Editor
Step 1. Check the Windows version
If you're using a Professional version of Windows, use the Group Policy Editor to add apps that are allowed to run on the list. Similarly, you can use the procedure to block applications that are not allowed to run on the system network. The tool has several useful features, including the ability to control or block apps based on rules you define. It is recommended that you back up all data just in case something goes wrong.
Step 2. Click the Start menu
Step 3. Type "gpedit
msc into the search box.
Press the Enter key to perform a search.
Step 4. Expand the User Configuration option when the Group Policy Editor is displayed
After that, expand the Administrative Templates option, then expand the System option. Under the Settings command, scroll down and double-click on one of the following two options:
- If you want to restrict certain applications, click "Run only specified Windows applications". Proceed to Step 4 if you selected this option.
- If you want to block some applications, click "Don't run specified Windows applications". Proceed to step 5 if you selected this option.
Step 5. Enable “Run only specified Windows applications”
Under Options, click the Show button next to the list of apps that are allowed to run. The Show Contents box will open, in which you can type the name of the application that the user is allowed to run.
- For example, you can type notepad.exe.
- After filling out the list, click OK, then close the Groupd Policy Editor.
Step 6. Enable “Don’t run specified Windows applications option”
After enabling it, click Show > Add.
Step 7. Type the name of the.exe file that you want to block so that it cannot be run by the user
- For example, type iexplore.exe.
- When finished filling out the list, click "OK", then close the Group Policy Editor".
- If a user on the network tries to access someone who is not on the list of allowed applications, or is on the list of applications that are blocked by you, a message like the following will appear: “This operation has been canceled due to restrictions in effect in this computer.. Please contact your system administrator”.
Method 2 of 3: Hacking the Registry
Step 1. Check your Windows version
If you are not using a Professional version of Windows, you can block the application from running by hacking the registry. Keep in mind that serious things can happen if you don't do it right, so it's highly recommended that you back up your data before doing so.
Step 2. Do a search in the registry, then create some keys
You can press the Win+R key combination on your keyboard to open regedit.ext, then enter the key listed below: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Step 3. Create a new 32-bit DWORD with the name DisallowRun
Perform this step in the right pane of the screen, with the value set to 1.
Step 4. Create another key with the name DisallowRun
Create the key in the left pane, under key Explorer.
If the key doesn't exist, you can create it by right-clicking on the panel, then selecting the option to create a new key
Step 5. Create multiple String values, starting with 1
Do this in the right pane, just below the DisallowRun key.
- Continue in numerical order (the number 1 will be followed by 2, then followed by 3, and so on).
-
For example, if you want to block apps like Firefox and iTunes from running, you'll need to add a key like this:
1 Firefox.exe
2 itunes.exe
Step 6. Restart the computer
The changes will take effect immediately when you try to run the application.
You will see a message appear with the words “This operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator”
Method 3 of 3: Creating Files to Hack the Registry
Step 1. Open Notepad, then paste the text below
-
Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
“DisallowRun”=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
“1″=”applicationA.exe”
“2″=”applicationB.exe”
Step 2. Enter the name of the application into the specified section of the file
Save the file as AnyName.reg.
- You must ensure that the filename ends in.reg in order to use it. After that, you can double click on the file.
- It's important to remember that hacking the registry can't block some things running as services on the computer.
- Most malware and spyware can take advantage of Windows' rundll32 utility to run services without using the.exe file. This method cannot be used to block services and applications of that type.