blocking users from running windows applications windows 10 home

J Gould 0 Reputation points
2023-02-26T05:00:05.6066667+00:00

I have a client that wants their computer from running executables

only wants Edge to run

The computer is for filling out job applications only.

I used RegEdit to make this happen but it did not work'

The Explorer path already existed I made the DisallowRun path.

I created two new strings in the DisallowRun folder named 1 and value data Notepad.exe and the other string named 2 with the data value Paint.exe

Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

it did not block anything.

I also use Gpedit.msc Administrative Templates\System don't run specified windows applications with the notepad.exe and paint.exe it did not work.

I tried run ONLYspecified windows applications and that did not work?

i have NO idea why things are not working.

the computer is a Dell Laptop Windows 10 home.

Version 10.0.19045 Build 19045

I watched several videos on YouTube using windows 10 home and they claim

that it worked on their system.

Thank you.

James Gould

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,818 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Anthony Czarnik 6 Reputation points
    2023-02-27T00:45:36.74+00:00

    Its my understanding that kiosk mode isn't supported in Windows 10 Home edition. It looks like this is what you're trying to accomplish, for the most part. In my experience, it isn't worth it to hack together a band-aid solution with a load of regkey edits that you are then on the hook to support. Just have them upgrade the edition to Pro, and set it up for them using best practices.

    0 comments No comments

  2. Limitless Technology 44,011 Reputation points
    2023-02-27T13:03:39.7366667+00:00

    Hello

    Unfortunately Windows will not allow to block "all exes but a few" since that could affect the behavior of the system, running services, etc...

    For DisallowRun to work you need to edit in the next way:

    Expand the following:

    1.HKEY_CURRENT_USER>SOFTWARE>Microsoft>Windows>CurrentVersion>Policies>Explorer

    2.Right-click a blank area on the right side and add a new “DWORD (32-bit) Value” named “DisallowRun“.

    3.Open “DisallowRun” and give it a Value of “1“.

    4.Right-click and add a new “Key“, also named “DisallowRun“. The folder is then created.

    5.Select the “DisallowRun” folder on the left pane.

    6.Right-click a blank area on the right side and add a new “DWORD (32-bit) Value” named “1“.

    7.Open “1” and give it a Value with the application you would like to block, like “notepad.exe“.

    8.Repeat steps 6 and 7 with any additional applications you wish to block, only increase the number used in the “DWORD (32-bit) Value” each time (2, 3, 4 ,5, etc)

    Other option is to block EXE files in specific folders, this way:

    1. In GPEDIT.MSC navigate to Computer Configuration > Windows Settings > Security Settings > Software Restriction Policies

    2.At the location, on the left navigation pane, click the Software Restriction Policies folder to collapse it.

    3.Next, right-click the Additional Rules folder node.

    4.Select New Path Rule… from the context menu.

    5.Now, enter the path to the folder that you want to prevent executable files to run from and make sure to suffix the *.exe at the end, so that you will only block executable files.

    6.Add a description if you like.

    7.Click Apply > OK to save the changes.

    8.Repeat for additional folders.

    For example you can add folders such as the next to prevent applications installed by the user

    C:\Windows\Temp*.exe

    C:\Windows\Temp**.exe

    %USERPROFILE%\AppData\Local*.exe

    %USERPROFILE%\AppData\Local**.exe

    %USERPROFILE%\AppData\Roaming*.exe

    %USERPROFILE%\AppData\Roaming**.exe

    --If the reply is helpful, please Upvote and Accept as answer--