Created
December 27, 2024 02:25
-
-
Save ternera/2249a609ebc5912e54cf21fa2a826011 to your computer and use it in GitHub Desktop.
Only allow certain applications to run using the registry editor on Windows
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Define the allowed applications | |
| $allowedApps = @( | |
| "example.exe", | |
| "example2.exe" | |
| ) | |
| # Convert the array to a format suitable for the registry | |
| $allowedAppsString = $allowedApps -join ',' | |
| # Registry path for the Group Policy setting | |
| $regPath = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" | |
| # Ensure the registry key exists | |
| if (-not (Test-Path $regPath)) { | |
| New-Item -Path $regPath -Force | Out-Null | |
| } | |
| # Enable the "Run only specified Windows applications" setting | |
| Set-ItemProperty -Path $regPath -Name "RestrictRun" -Value 1 | |
| # Add the list of allowed applications | |
| New-Item -Path "$regPath\RestrictRun" -Force | Out-Null | |
| foreach ($i in 1..$allowedApps.Count) { | |
| Set-ItemProperty -Path "$regPath\RestrictRun" -Name $i -Value $allowedApps[$i - 1] | |
| } | |
| Write-Output "The policy has been updated with the allowed applications." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment