I need to restrict application access on a Windows 10 PC for only one local user account

joseph Lipchitz 0 Reputation points
2023-08-20T20:41:44.2966667+00:00

I need to restrict a local autologin standard user account to allow only a small set of apps; I can do this quickly with a domain account using GPOs, but there has to be an option.

The machine is called Kiosk1; the local user account is called Kioskone.

I need to restrict it to be able only to run (Word, Excel, Edge, PowerPoint, calendar, calculator)

But I want other accounts to have no restrictions. So I can log in and adjust settings and apply updates.

I hoped to use the “Run only specified Windows apps” option. I have been able to restrict apps but hope to avoid entering all 1000+ exes into a list in regedit.

I hoped that there is a version of “run only specified application.”

It would also be cumbersome to go into the properties of all apps and remove this local account’s access.

The machine is part of my renegade nerds on Vespa’s domain.

Windows for business | Windows Client for IT Pros | User experience | Other
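
As an added example (not part of the original post or of any Microsoft documentation): the “Run only specified Windows applications” policy is an allow list stored in the target user's own registry hive, so it can be scoped to Kioskone alone with a handful of entries while other accounts stay unrestricted. Assumptions: the four executable names below are the usual Office and Edge binaries, the mount name `KioskPolicy` is arbitrary, and the names for Calendar and Calculator are left out and must be confirmed on the machine before being added.

```powershell
# Added example. Run elevated while Kioskone is logged OFF (its hive must not be in use).
$UserName = 'Kioskone'                                           # account name from the question
$Allowed  = 'winword.exe','excel.exe','powerpnt.exe','msedge.exe' # assumed names; extend as needed

# Resolve the local account's SID, then its profile folder from ProfileList.
$sid      = (Get-LocalUser -Name $UserName).SID.Value
$plKey    = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid"
if (-not (Test-Path $plKey)) { throw "$UserName has no profile yet; log on once first." }
$hiveFile = Join-Path (Get-ItemProperty $plKey).ProfileImagePath 'NTUSER.DAT'

# Mount the user's hive under a temporary name.
$mount = 'HKU\KioskPolicy'
& reg.exe load $mount $hiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not load $hiveFile (is $UserName logged on?)" }

try {
    $explorer = "$mount\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $list     = "$explorer\RestrictRun"

    # Start from a clean list so stale entries from earlier attempts do not linger.
    & reg.exe query $list 2>$null | Out-Null
    if ($LASTEXITCODE -eq 0) { & reg.exe delete $list /f | Out-Null }

    # One numbered string value per allowed executable (file name only, no path).
    $i = 1
    foreach ($exe in $Allowed) {
        & reg.exe add $list /v $i /t REG_SZ /d $exe /f | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Failed to add $exe" }
        $i++
    }

    # Switch the policy on only after the list is complete.
    & reg.exe add $explorer /v RestrictRun /t REG_DWORD /d 1 /f | Out-Null

    # Show the result for review.
    & reg.exe query $list
}
finally {
    # Always unmount, even on failure, so the profile can load at next logon.
    & reg.exe unload $mount | Out-Null
}
```

This policy is enforced only for programs started through File Explorer and matches on file name, so it limits what the kiosk shell offers rather than acting as a hard security boundary.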

2 answers

  1. Darshana Jayathilake 156 Reputation points
    2023-08-20T22:52:53.9066667+00:00

    You can do this using local policy.

    1-Open mmc

    2-Browse for group policy

    3-There is an option to select a specific user to apply this policy to

    4-Then you can use software restriction policy to restrict unwanted applications

    Please refer to this document for SRP configuration:

    https://learn.microsoft.com/en-us/windows-server/identity/software-restriction-policies/administer-software-restriction-policies


  2. joseph Lipchitz 0 Reputation points
    2023-08-21T15:37:22.7133333+00:00

    First, thank you, but I am not putting two and two together. I found this SRP document before I posted this question. The part I am not seeing is where the list of allowed software goes. I only need those apps I outlined in my post, with all others blocked. I have been able to use the steps to block all access for non-admin, but even with an allow rule it won't let me run anything as the local auto logon account.

    Reminder: I only have 7 apps I need the local non-admin account to be able to run.

    I am able to do what I need with a local GPO, but it is a heck of a KLUDGE because I am losing the ability to tie it only to the local account; instead I am leaving it open and removing access to the apps I don't want the local account to run under security permissions, which is very much suboptimal.

    What I am trying to do is:

    Local user autologon account logs in and can only run the seven apps on the list

    Any domain account logs in and has normal access.
