This step-by-step article describes two methods that you can use to restrict users from running specific Windows programs on a Windows 2000-based computer. You can restrict users from running specific programs by either using Group Policy or editing the Windows registry.
Method 2: How to Restrict Users from Running Specific Windows Programs by Editing the Registry
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
To restrict users from running specific Windows programs by editing the registry, follow these steps:
For each program that you want to prevent users from running, create a new string value in the DisallowRun subkey that you created in step 4. Use consecutive numbers to name the string values (starting with 1), and use the executable file name for the program as the data for the string value.
For example, if you want to restrict users from running Microsoft Internet Explorer:
Right-click the following registry key, point to New, and then click String Value:
Group Policy background processing can take up to 5 minutes to be refreshed on domain controllers and up to 120 minutes to be refreshed on client computers. To force background processing of Group Policy settings, use the Secedit.exe tool:
Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
Type secedit /refreshpolicy user_policy /enforce, and then press ENTER.
Type secedit /refreshpolicy machine_policy /enforce, and then press ENTER.
Type exit, and then press ENTER to quit the command prompt.