How to block programs from running (Windows 7)

windows-registry windows-7

Solution 1:

Solution

Here's a template you can use:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whatever.exe]
"Debugger"="systray.exe"

To revert back you just need to remove the registry key:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whatever.exe]

Note Administrator rights (or enough rights to access the related registry key) are required in order to apply the changes.

How it works

The Image File Execution Options registry key was designed, among other things, to automatically launch a debugger when an application starts. While the debugger would start the application and attach, you can specify just any executable which will be run instead, thus overriding the original one.

What about systray.exe? It's a little stub program which was first introduced with Windows 95, and used to handle the system notification icons. It's not really used any more in the newer Windows versions, and it was mostly kept for backward compatibility reasons. It has no user interface, and doesn't do anything noticeable besides refreshing the notification area when started.

Remarks

  • Changes are applied immediately, and work regardless of the Windows 7 edition installed.

  • If you want to display a standard error message instead, replace systray.exe with %1 (any non-existing executable will do as well). Displaying a custom message would require creating either a custom program or script, and launch that.

Known limitations

  • Since the method is based on the program name, one could workaround it by renaming the executable to something. That can easily be avoided by making sure users the program is located in a directory which they don't have full control of (e.g. C:\Progam Files).

  • One could copy the whole program folder elsewhere (e.g. on the desktop) and then rename the executable. Some programs might not run that way, but others could. To avoid this, make sure users have no write permissions in their profile folders unless otherwise required.

References

  • How to add, modify, or delete registry subkeys and values by using a .reg file
  • How to turn off the Windows Update feature in Windows XP

Related

Capture data that my ADSL modem send
Is there a way of mapping a key combination of a computer type a character?
Windows Update doesn't work on Window 8.1
microsSD card cannot format
Launching Firefox into “chromeless” mode from command prompt
8gb ram in 32bit operating system
CPU Does not run at full speed
How to send group mail in Outlook to multiple recipients, but have each recipient see their own name?
With Windows 7, why is an entry in the hosts file not working?
Is there a way to recover my username in Kali Linux?
Clean install Mac OS X Lion on new SSD
Recover files deleted from Windows 7 with no backup