Via windows registry:
[ Reference:
http://www.kellys-ko...er-xp.com/xp_abc.htm ]
Applications - Restrict Users from Running Specific ApplicationsThis setting allows you to specify applications and filenames that users are restricted from running.
Open your registry and find the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer]
Create a new DWORD value and name it "DisallowRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.
Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer\DisallowRun] and define the applications the are to be restricted. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be restricted (e.g. "regedit.exe").
Explained: DK
Right click in the right pane and select New, DWord value. Name the new value DisallowRun. Double click the new value and set it to 1. Then right click on the Explorer sub branch, in the left pane and select New, Key Name the new key Disallow Run. Highlight this key, then in the right pane, right click and select New, String value. Give it "1" for
the name, without the quotes.
Double click this new value and enter the actual file name of the executable you wish to restrict this user from
running. Example: calc.exe This prevents this user from running Calculator. They'll get a "This operation has been cancelled message" when they try. Note: The way around this is for the user to rename Calc.exe to something else. For additional entries, just give the "values" names in numerical order, 1, 2, 3, 4 and so on. DisallowRunReg and DisallowRunCalc
Restart Windows for the changes to take effect.
Applications - Restrict Applications Users Can RunHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. Value Name: RestrictRun
Open your registry and find the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer]
Create a new DWORD value and name it "RestrictRun" set the value to "1" to enable application restrictions or "0" to allow all applications to run.
Then create a new sub-key called [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Policies\Explorer\RestrictRun] and define the applications that are allowed. Creating a new string value for each application, named as consecutive numbers, and setting the value to the filename to be allowed (e.g. "regedit.exe" and "calc.exe").
Explained: DK
This example prevents any applications but those that you specify from being run:
Right click in the Right pane and select New, DWord value and name the new value RestrictRun Double click this entry
and set it to 1. Right click on the Explorer sub branch, in the left pane and select New, Key Name the new key RestrictRun. Highlight this key, then in the right pane, right click and select New, String value. Give it "1" for the name, without the quotes. Double click this new value and enter the actual file name of the executable you wish to restrict this user from running. Example: calc.exe Right click again, select New, String value, name the new value "2". Double click the new
value, enter REGEDIT.EXE
This example would only allow Calculator and REGEDIT to be run. Be VERY careful with this setting. You could wind up locking yourself out of REGEDIT if you were to use the restrictions on your Administrator account.
Restart Windows for the changes to take effect.
Note: If you are the person who applies Group Policy, do not apply this policy to yourself. If applied too broadly, this policy can prevent administrators from running Group Policy or the registry editors. As a result, once applied, you cannot change this policy except by reinstalling Windows XP.
Software Restriction Policies may be set to determine what software may or may not be run by users on the system. (Jim Cavalaris [MS])
Software Restriction Policies can be configured via the group policy editor (gpedit.msc) at:
Local Computer Policy -->Computer Configuration -->Windows Settings -->Security Settings -->Software Restriction Policies. Policy can be set to either: restrict users from running specified programs - OR -restrict users to allow ONLY the specified programs to be run.
For a non-domain machine, policy can be applied to all users on the system, or non-Admin users only (Admins are not affected by the policy, and may run any/all programs). you cannot specify this policy for only certain users, but for a non-domain machine, the Admin/non-Admin breakdown may be sufficient.