How to block desktop app access in Windows 10?

If you are running Windows 10 on your computer or laptop and want to disable access to specific applications, this is possible in Windows 10. Reasons may be various to strict some apps on your computer like you want to prevent users from launching built-in tools (such as PowerShell and Command Prompt), run scripts, or make unwanted system changes. It may also be happening; you have installed some apps on your PC and don’t want to access someone else. It may also happen, to comply with your organization’s policy, you need to restrict access to some of the best Windows apps.

Whatever the reason it might be, if you want to restrict access to some specific applications on Windows 10, it is possible by at least two ways, using Group Policy Editor or Security Policy console.

This post will guide you on the steps to disable access to one or more desktop applications on your computer.

How to disable apps access using Group Policy on Windows 10?

To disable access to certain apps on Windows 10 with Local Group Policy editor, perform the following steps:-

Step 1. Press Windows Logo + R keys to open the Run dialog box. Type gpedit.msc and press Enter from the keyboard to launch the Local Group Policy Editor.

Step 2. Browse for the following path under the Local Group Policy Editor window:-

User Configuration > Administrative Templates > System

Step 3. From the right side pane, double-click the policy “Don’t run specified Windows applications.”

Step 4. “Don’t run specified Windows applications” policy properties will open.

Step 5. Select the Enabled option and then click the Show button.

Step 6. Confirm the names of the apps you want to block.

Note: You have to enter the app one per line. Also, you need to specify the “.exe” file extension to block the app. For example, to block Command Prompt, you should add cmd.exe, and powershell.exe will block the PowerShell.

Step 7. Click OK.

Step 8. Click Apply then OK button.

Once you complete the steps, the specified apps will no longer be accessible by any users configured on your computer. The settings are applied immediately; however, you can restart your computer to ensure the policy has been applied.

When you try to open the blocked app, you will get an error message, ‘This operation has been canceled due to restrictions in effect on this computer. Please contact your system administrator.”

In case you want to revert the changes, on the above step 5, select the option Not configured. Restrictions are removed immediately.

Note: If you are running Windows 10 Home edition, you have to enable the Group Policy Editor (gpedit.msc) using this guideline.

How to disable apps access using Security Policy?

This is the second option through which you can disable app access on Windows 10 PC. To prevent or stop all users from launching specific apps on Windows 10 PC, perform the following changes in the Local Security Policy:-

Step 1. Click on the Start menu and type Local Security Policy. From the available search results, click on the Local Security Policy.

Step 2. Double-click on the Software Restriction Policies branch to expand it.

Step 3. Right-click the Additional Rules category and select the New Hash Rule option from the drop-down that appears.

Step 4. Once you click the “New Hash Rule,” a New Hash Rule window will open.

Step 5. Click the Browse button and select the application to which you want to restrict access to all the users on your Windows 10.

Note: Only select the executable file which you want to block.

Step 6. Click the Open button.

Step 7. Click the Apply button.

Step 8. Click the OK button.

Step 9. Finally, restart the computer to take effect the changes.

Once you complete the above steps, all users will no longer be able to launch the specified application. To restrict more apps, you can repeat the steps to block access for other desktop applications.

To allow access to the apps or remove the restriction, delete the entry you have made on step 4 above.

Similarly, you can also restrict access to the Task Manager and Registry.

Leave a Reply