In certain situations and work environments, you may not want PC users to run certain applications. For example, if you are in an office it is quite understandable that you need to block access to PowerShell, MS-DOS, or any other program capable of making system-level changes in Windows.
It may also make sense at the productivity level that you want to prevent access to the media player or any other application that users simply should not be using. How to do it?
How to block access to apps in Windows 10
Unfortunately, Windows 10 does not have a specific tool to block applications on the fly. However, it does allow this type of restriction using the group policy editor and the local security policy editor on the PC.
Method # 1: Group Policies
If you want to block apps or a program for all users of a Windows 10 computer, follow the steps below.
- Press the Win + R key combination and run the command ” gpedit.msc ” to open the local group policy editor. You can also enter this command from the Windows taskbar browser.
- In the left side menu, navigate to the following path: ” User Configuration -> Administrative Templates -> System. “
- Click on the option “Do not run specified Windows applications” in the menu on the right.
- In this new window, check the ” Enabled ” box and click on the ” Show ” button.
- In the list of not allowed applications, write the name of the executable file (* .exe) of the program you want to block. Use one line for each program that you want to block in this way.
- Click on “Accept” to save the changes.
- Finally, press the “Apply” button to apply the changes to the computer.
For example, if you want to block access to the MS-DOS terminal window, you will write “cmd.exe” which is the name of the executable file. The same happens with PowerShell, in which case you will have to enter the executable “powershell.exe”. If you also wanted to block the Chrome browser, then you have to write “chrome.exe”, and so on with the rest of the applications to which you want to prevent access.
Note
From this point on, any user who tries to open any of the blocked programs simply will not be able to do so. The programs will continue to appear in the list of applications as if nothing had happened, but when you click on them, they will not open or load on the screen. Nothing will happen, and Windows will not show any error messages either. Of course, the programs will not run and will be blocked for anyone who tries to use them.
Note that these default locks will apply to all users unless you configure a specific local group policy for certain users or groups of users.
Method # 2: Local Security Policies
If you prefer to block access to apps by applying Windows local security policies, follow these steps.
- Press the Win + R key combination and run the command ” secpol.msc ” to open the Local Security Policy. You can also enter this command from the Windows taskbar browser.
- In the menu on the left, click on ” Software Restriction Policies. “ Open the drop-down and right-click on the “Additional rules” folder. Select “New Hash Rule.”
- Note: If the “Software Restriction Policies” folder does not have a subfolder, simply right-click on it and select ” New Software Restriction Policies .” Next, go to “Additional rules” and select “New hash rule,” as we have done in the previous point.
- In the “New hash rule” window, click on the ” Browse ” button.
- Navigate to the folder where the program you want to block is located. Locate the executable file and select it. For example, if you want to block MS-DOS, go to the folder “C: \ Windows \ System32” and select the executable “cmd.exe”.
- To apply the changes, click on “Apply” and “OK.”
- Finally, restart the PC.
Of course, if you want to add another application to the list of blocked programs, you will only have to create a new hash rule in the software restriction directives. Remember, a hash rule for each program that you want to block. If at any time you want to give access to that application again, simply delete the rule, and that’s it.