Restrict programs that can be run in Windows NT / Windows 2000

by Wayne Maples [Published on 20 April 2004 / Last Updated on 20 April 2004]

One can restrict the programs that a user can run by setting the RestrictRun which will restrict the user to programs in the Explorer\Restrict subkey. Apply the following Windows NT / Windows 2000 registry hack:

Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Name: RestrictRun
Type: REG_DWORD
Value: 1

This setting applies the restriction to Explorer (note the key policy applied to). Users can still run applications from Run command and command shell.

If any DOS programs are in the list, be sure ntvdm.exe is in the list of allowed programs. ntvdm.exe is needed to create dos space for your dos program to run in.

Desktop and Explorer Restrictions Tips:

Desktop icons hidden
File menu in Explorer is removed
Map Network Drive and Disconnect Network Drive menu from Explorer removed
Network Neighborhood icon removed and prevent network access from Explorer
Common Groups from Start Menu removed
Find command removed from Start Menu
Run command removed from Start Menu
Shut Down button removed from Start Menu
Control Panel, Printers and My Computer in Explorer hidden and on Start Menu
Taskbar on the Start Menu hidden
Most Recently Used entries removed from Run history
Menus do not display upon right click on Taskbar, Start Button, Clock, or Taskbar icons
Menus do not display upon right-click of Desktop or Explorer's Results pane.
Only programs in Restrict subkey can be run
Remove Run command from Start menu

Featured Links