How to block programs from running (Windows 7)

2

1

I need to find an easy way to let a few end users block certain programs from running. To be a bit more specific:

At my school we have a couple of laptops (~15) that we use to make assessments, sometimes the users may not use Word, Excel, Calc, internet etc. After each test is made, we need to image the laptop again so no traces are being left. Of course we can add them to a GPO but then the IT service must every time check which programs mustn't be used and apply this rule to every laptop one-by-one (because there are always different assessments at the same time).

So what I thought was to just make a USB with .reg files in which I specify to block, for example, Word, and name it "block word" so that the teacher who sets up the assessment only has to click to block the programs.

But now my problem: I'm more of a Linux guy, actually I never made a .reg file, so I searched the net, but can't get it to work. Maybe someone can give me a template that I just need to fill in the paths? Or is there another way to do this easily (some tool)?

Thanks in advance

radriaanse

Posted 2014-02-25T08:38:34.880

Reputation: 123

You don't need to make a reg file if you already have the keys in Registry Editor. Just export the keys and you will have a reg file made with the keys. – ADTC – 2014-02-25T11:23:33.073

Answers

4

Solution

Here's a template you can use:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whatever.exe]
"Debugger"="systray.exe"

To revert back you just need to remove the registry key:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whatever.exe]

Note: Administrator rights (or enough rights to access the related registry key) are required in order to apply the changes.

How it works

The Image File Execution Options registry key was designed, among other things, to automatically launch a debugger when an application starts. While the debugger would start the application and attach, you can specify just any executable which will be run instead, thus overriding the original one.

What about systray.exe? It's a little stub program which was first introduced with Windows 95, and used to handle the system notification icons. It's not really used any more in the newer Windows versions, and it was mostly kept for backward compatibility reasons. It has no user interface, and doesn't do anything noticeable besides refreshing the notification area when started.

Remarks

  • Changes are applied immediately, and work regardless of the Windows 7 edition installed.

  • If you want to display a standard error message instead, replace systray.exe with %1 (any non-existing executable will do as well). Displaying a custom message would require creating either a custom program or script, and launching that.

Known limitations

  • Since the method is based on the program name, one could work around it by renaming the executable to something else. That can easily be avoided by making sure the program is located in a directory which users don't have full control of (e.g. C:\Program Files).

  • One could copy the whole program folder elsewhere (e.g. on the desktop) and then rename the executable. Some programs might not run that way, but others could. To avoid this, make sure users have no write permissions in their profile folders unless otherwise required.


and31415

Posted 2014-02-25T08:38:34.880

Reputation: 13 382
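
Added example (not part of the original answer): a Python sketch that builds the block and revert .reg text from the template above for a list of image names, and audits a .reg export to report which names currently carry a Debugger value. The function names and the executable names in the demo are assumptions chosen for illustration.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")
HEADER = "Windows Registry Editor Version 5.00"

def _check(exe):
    # The key is matched on the image file name only: reject paths and odd names.
    if not re.fullmatch(r"[A-Za-z0-9_.\- ]+\.exe", exe, re.I):
        raise ValueError(f"not a bare .exe name: {exe!r}")
    return exe

def block_reg(exes, debugger="systray.exe"):
    """Text of a .reg file that sets the Debugger value for each image name."""
    # Backslashes and quotes inside .reg string values must be escaped.
    esc = debugger.replace("\\", "\\\\").replace('"', '\\"')
    parts = [HEADER, ""]
    for exe in exes:
        parts += [f"[{IFEO}\\{_check(exe)}]", f'"Debugger"="{esc}"', ""]
    return "\r\n".join(parts)

def unblock_reg(exes):
    """Text of a .reg file that deletes the per-image key again."""
    parts = [HEADER, ""]
    for exe in exes:
        parts += [f"[-{IFEO}\\{_check(exe)}]", ""]
    return "\r\n".join(parts)

def audit(reg_text):
    """Map image name -> Debugger value for each entry found in a .reg export."""
    found, current = {}, None
    prefix = IFEO.lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        key = re.fullmatch(r"\[(.+)\]", line)
        if key:
            name = key.group(1)
            # Only direct children of the options key; "[-...]" lines never match.
            is_child = name.lower().startswith(prefix)
            current = name[len(prefix):] if is_child else None
            if current and "\\" in current:
                current = None
            continue
        val = re.fullmatch(r'"Debugger"="(.*)"', line, re.I)
        if val and current:
            found[current] = re.sub(r"\\(.)", r"\1", val.group(1))
    return found

if __name__ == "__main__":
    names = ["winword.exe", "excel.exe"]   # constructed sample names
    print(block_reg(names))
    print(audit(block_reg(names)))
```

A Version 5.00 file exported by Registry Editor is UTF-16 encoded, so read it with encoding="utf-16" before passing the text to audit.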

@and31415 Your last comment does not seem to be true on Windows 7. The command prompt still launches the debugger app. Here's hoping it will work in other programs, like Microsoft says they are required to support. – trlkly – 2014-10-18T05:32:05.530

This is what I did to replace Notepad with Notepad2 system-wide. You could even point it to show a message in a read-only text file saying that the program cannot be run. But I think this can easily be thwarted by smart users - simply rename the executable file... – ADTC – 2014-02-25T11:27:16.160

Yes, but most of the users won't even know how to do that. But can you tell me how to show them a message? – radriaanse – 2014-02-25T11:51:39.467

Thanks, is it also possible to edit that error message? Or am I asking too much right now :) – radriaanse – 2014-02-25T12:26:50.133

I think you're right, and I already had Windows opened long enough..;) thanks for your help as well! – radriaanse – 2014-02-25T12:54:15.710

@and31415 definitely something to remember, but I think I'll keep it this way. Sometimes simple is just the best. – radriaanse – 2014-02-25T13:01:14.893

@remyseroos I've merged my previous comments into the answer, adding some additional info. What I was talking about earlier is actually a per-user setting which "only prevents users from running programs that are started by the Explorer process. It does not prevent users from running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (cmd.exe), this policy setting does not prevent them from starting programs." (Source) Let me know if you have any further questions.

– and31415 – 2014-02-25T15:40:18.453

0

If your Windows computers are in an Active Directory environment, you can use Software Restriction Policies to prevent programs (except your whitelisted ones) from running.

You cannot block "programs" from accessing the registry, but you can deny users access to it. Beware, though, that programs run under the context of the user and may need access to various parts of the registry.

I don't understand why you have different policies applied one by one to each laptop. Do you have laptops which are supposed to run Word but not uTorrent, and others which are supposed to run uTorrent but never Excel?

Adam Thompson

Posted 2014-02-25T08:38:34.880

Reputation: 1 954

This is an option but requires the sysadmins to do it. And because there are too many variables to do this every time (for every laptop), the above answer is handy because the examinations can do it on their own. But thanks anyway – radriaanse – 2014-02-25T10:02:46.460