Configure and allow Windows to run Specified Programs only

In certain situations, you might want to allow others to run only programs you specify on your computer. What you need is the Group Policy Editor (which is available in Professional and Enterprise editions) in Windows 11 or Windows 10.

Allow only specified programs to run using Group Policy Editor

To open Group Policy Editor, press the Start button, type gpedit.msc, and press Enter.

Explore down to User Configuration > Administrative Templates > System in the left pane.

Now double click Run only specified Windows Applications.

From the checkbox, select Enabled. To set the allowed applications, click Show from under Options.

Now click right next to the star (*) under Value and enter the name of the applications that you want to run. For example, if you want to run Firefox, enter firefox.exe.

This setting will limit the Windows programs that users have permission to run on the computer. If you enable this setting, users can only run programs that you add to the List of Allowed Applications.

Click OK and you are done. Now the user will only be able to open the programs you specify this way.

Read: How to block EXE files from running using Group Policy

Do note that this setting only prevents users from running programs that are started by the Windows Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt, Cmd.exe, this setting does not prevent them from starting programs in the command window that they are not permitted to start by using File Explorer.

If you have Windows Enterprise or  Education edition, you may use the AppLocker tool to specify which users or groups can run particular applications.

For non-business editions like Windows 11/10 Home, you may use the Family Safety feature to restrict apps for user accounts (especially child accounts).

Several third-party software such as VoodooShield also helps you blacklist or whitelist programs on your Windows 11/10 PC.

Incidentally, you might want to check out Windows Program Blocker, a free App or Application blocker software to block software from running on Windows 11/10.

TIP: How to prevent users from installing programs and how to prevent Anyone from Uninstalling Metro Applications may also interest you.

How one can configure Windows to allow only selected applications to use Internet?

You may use Firewall settings to configure Windows 11/10 to allow only selected applications to use the internet. To ensure that only the selected applications have Internet access while blocking all others, you need to create a comprehensive set of ‘Allow the connection’ and ‘Block the connection’ rules that apply to available network profiles on your system. Also, ensure that the ‘Allow’ rule is processed before the ‘Block’ rule. Be cautious with blocking rules as some essential Windows services and updates may rely on Internet access.

How do I give permission to a program in Windows?

To control app permissions like access to location, camera, microphone, etc., open the Settings app and go to Privacy & security. Scroll down to the App permissions section. Select the type of permission and toggle the switches to enable or disable permissions for individual apps. To grant permanent administrative rights to apps, right-click the app’s shortcut or executable, and choose Properties. Go to the Compatibility tab. Check the box for ‘Run this program as an administrator’ and click OK.