Sometimes we hate to run some programs, but they just pop up automatically and we want to disable them. And sometimes, for some reason, we use a complex “software restriction policy” that prevents some software from running, and we want to unblock it. Although we can prohibit and unblock software by modifying the registry, it is easier to do so by using Group Policy Editor.
1. Block certain executable programs from running
If we find a nasty pop-up window, it means there must be a program running secretly in the background and performing some small action. So how can we know what this program is, and how can we stop it from running?
○Get the real path of the pop-up program
First of all, after we find a pop-up window appears, we should not close this pop-up window first. At this time, you need to run a pop-up program detection software “Comet Assistant”, after opening Comet Assistant, click the “Window SPY” button in the toolbar at the top of the window; then click the CD-like icon in the software interface, press the mouse and drag the Drag this icon to the pop-up window you want to monitor; after that, you will find the path of the pop-up program in the “Program Path” column of the software (Figure 1).
Adding Program Disable with Group Policy
Once we know the real path of the pop-up program, we can easily disable the program through the program disabling policy of Group Policy. The specific method is as follows.
Press the Win+R key combination to open the Run dialog box and run the GPEDIT.MSC command to start the Local Group Policy Editor. In the Local Group Policy Editor window, locate the following branch: “Local Computer Policy→User Configuration→Management Mode→System” (Figure 2).
Double-click the “System” branch, and in the pane that opens, find the “Do not run specified Windows applications” item and double-click it (Figure 3).
In the subsequent window that opens, select the “Enabled” option, then click the “Show” button after the “Disallowed Applications List”, double-click on the blank value in the Show Content window area in the Display Content window, then right-click and paste the previously copied pop-up path (Figure 4). Finally, OK and apply the changes.
2. Releasing programs banned by the Software Restriction Policy
The programs banned by the “Do not run specified Windows applications” policy can also be set to be released from the same location. If some software is forbidden to run and we can’t find any trace of these programs from the above location, you can check the location of “Software Restriction Policy” in the policy to see if the software can’t run due to the addition of the software restriction policy.
First use Group Policy to solve
First open the Local Group Policy Editor and locate “Local Computer Policy→Computer Configuration→Windows Settings→Security Settings→Software Restriction Policy→Security Level” (Figure 5).
Double-click “Unrestricted” under “Security Level”, click “Set as default” and set it as default. If it doesn’t work, delete the existing hash, path, etc. in “Software Restriction Policy → Other Rules”. Restart your computer and run the program again (Figure 6).
Modify the registry further
If the above method does not work, next execute the REGEDIT command in “Run” to start the registry editor. Then locate “HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSaferCodeIdentifiers” in order, and delete all the entries in the subordinate branches involving Hashes and Paths Delete all the items below (Figure 7). Restart your computer and try to run the program you want to release again.
Tip: If the system can’t boot to the desktop due to restricted software, you can start Group Policy with command prompt in safe mode to deal with it. Press F8 to capture safe mode when booting, select “Safe mode with command line prompt” to start, the system will automatically run the command window, enter “mmc c:windowssystem32gpedit.msc” at the prompt. “Open Group Policy to make changes (Figure 8).