Controlling what programs users can run in Windows 7

I have held off posting this article since it was a “contributed” article from over 2 years ago. I have edited it a little. I lost the name of the original person who sent this to me. So if it was you, thanks.

Different versions of Window have different methods of controlling what users can and cannot do. The most common are the profile settings. In Windows 7 you have less choices than before, a user can either be an “Administrator” or a “Standard User” of course if you have a domain, you have many more choices, however most of my readers have small peer-to-peer networks.

You can configure Windows 7 so logged on users are only permitted to run specific applications. This is particularly useful for public or shared computers and keeping children out of some programs. This only applies to programs that run on your computer. Programs that run on the Internet will still work.

Note: The following steps do not apply to Windows 7 Home, another reason to only buy Windows 7 Professional. You will need to be logged on as an “Administrator” account.

1. Open the “Group Policy Editor” by clicking the Start icon.

2. Type in “gpedit.msc” in the Search box then press Enter, a new window will appear

3. Navigate the left side to the following location: “User Configuration | Administrative Templates | System”.

4. In the “Details” pane (right side of the window), double-click on “Run only specified Windows applications”.

5. Click on “Show”.

6. From the new window that appears, type in the executable file name for each application you want logged on users to be allowed to run.*

7. Click OK.

8. Click OK to close the remaining window.

Once you’ve completed the steps above, logged on users are only permitted to run those applications you listed. If a user attempts to launch an application not on the list, they will receive a message instead indicating that they are not permitted to run the application due to restrictions.

Test this by logging off the “Administrator” account and logging on as someone else.

* If you don’t know the different programs executable file name, you will need to open and navigate through the hard drive to “Program Files” find the program folder and then its executable name. They almost always end with “.exe”.

Until we meet again have a virus free week!

Leave a Reply

Your email address will not be published. Required fields are marked *