Allowing Only Certain Programs to Run on a Windows Machine

The easy way to achieve this is to create a standard user account, but that alone might not provide enough protection, as standard users can still run most portable applications without any issue. In this guide we will look at how to restrict standard user accounts on a Windows machine.

First, we need to create a Local Group Policy (LGP) that applies to all users except Administrators.

Search for “mmc.exe” and run it
“File” -> “Add/Remove Snap-in…”
“Group Policy Object Editor” (from the left pane) -> “Add” it to the right pane
“Browse” -> “Users” tab -> select “Non-Administrators” -> “OK”
“Finish” -> “OK” to close those popup windows
In the MMC console window: “File” -> “Save As” -> give it a name like “Non-Administrators-Group-Policy” -> “Save” (save it on the Desktop)
Now when you open this saved console file, it opens the group policy that applies to all users except administrators.

The second part is to create the list of programs that you want to allow.

Now open the group policy for non-administrators by clicking the shortcut we created in the first part.
“User Configuration” -> “System” -> “Run only specified Windows applications” -> “Enabled” -> click “Show” next to “List of allowed applications” -> add all the applications one by one (e.g. notepad.exe) -> “OK”
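
To confirm that the allow list actually reached a standard user, the PowerShell check below (an added example, not part of the original guide) reads the values this policy setting writes to the user's registry hive and flags allowed entries that deserve a second look. The setting only governs programs started from File Explorer, so an allowed command shell or script host can start programs that are not on the list. The registry location is where Windows stores this setting; the list of launcher names is an assumption to adjust for your environment.

```powershell
# Added example: audit "Run only specified Windows applications" for the
# user running this script. Run it in a standard user's session after the
# policy has applied (sign out and in again, or run: gpupdate /target:user).

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$listKey   = Join-Path $policyKey 'RestrictRun'

# Assumption: programs that can start other programs without File Explorer.
$launchers = 'cmd.exe', 'powershell.exe', 'pwsh.exe',
             'wscript.exe', 'cscript.exe', 'mshta.exe'

function Get-AllowedApps {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    $key = Get-Item -LiteralPath $Path
    # Each value under the RestrictRun subkey holds one allowed file name.
    foreach ($name in $key.GetValueNames()) {
        ([string]$key.GetValue($name)).Trim()
    }
}

# The setting is enforced only when the RestrictRun DWORD equals 1.
$enabled = (Get-ItemProperty -LiteralPath $policyKey -Name RestrictRun `
            -ErrorAction SilentlyContinue).RestrictRun

if ($enabled -ne 1) {
    Write-Warning "Policy is not in effect for $env:USERNAME (RestrictRun is not 1)."
    return
}

$allowed = @(Get-AllowedApps -Path $listKey)
if ($allowed.Count -eq 0) {
    Write-Warning 'Policy is enabled but the list of allowed applications is empty.'
}

foreach ($app in $allowed) {
    # -contains is case-insensitive, so CMD.EXE and cmd.exe both match.
    $review = if ($launchers -contains $app) {
        'can start programs that are not on the list'
    } else {
        ''
    }
    [pscustomobject]@{ Application = $app; Review = $review }
}
```

An empty Review column for every row means no listed entry matched the launcher names; a warning instead of a table means the policy has not been applied to that account yet.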



