User Configuration\Administrative Templates\System
Description
Limits the Windows programs that users have permission to run on the computer.
If you enable this policy, users can only run programs that you add to the
List of Allowed Applications
in this policy.
.gif)
Note
This policy only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt, Cmd.exe, this policy does not prevent them from starting programs in the command window that they are not permitted to start by using Windows Explorer.
When both the
Run only allowed Windows applications
policy and the
Don't run specified Windows applications
policy are enabled, they are both applied. Users can only run the programs listed in the
Run only allowed Windows applications
policy. However, if a program in that list is prohibited by the
Don't run specified Windows applications
policy, it does not run.
Related Policies
.gif)
Don't run specified Windows applications