Category filter
Script to allow user access to specific third-party apps on Windows
As an IT administrator, you might be facing problems with your users running undesired third-party apps in your Microsoft Windows environment. If you want to allow users access only to specific third-party apps on Windows devices, here’s how you can deploy custom scripts using Hexnode to serve your purpose.
The Sample Scripts provided below are adapted from third-party Open-Source sites.
PowerShell script
The script below edits the Windows registry to allow users to run only specific third-party applications. For instance, for $Value1 and $Value2, replace firefox.exe and wordpad.exe with the name of the third-party apps you want users to access. Users will be restricted from all the other third-party apps. To specify more than two applications, you may add apps as $Value3, $Value4, etc., and set the values for those apps using Set-ItemProperty.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
try{ $status = New-PSDrive -PSProvider Registry -Name HKU -Root HKEY_USERS Function Allow-certain-apps($sid) { if(Test-Path "HKU:\${sid}") { # Set variables to indicate value and key to set $RegistryPath = "HKU:\${sid}\Software\Microsoft\Windows\CurrentVersion\Policies" $Key = 'Explorer' # Create the key if it does not exist -> for creating Explorer key If (-NOT (Test-Path "$RegistryPath\$Key")) { New-Item -Path "${RegistryPath}\${Key}" -Force | Out-Null } $Name = 'RestrictRun' $Value = '1' # Now set the value Set-ItemProperty -Path "${RegistryPath}\${Key}" -Name $Name -Value $Value -Force # Create subkey if it does not exist -> for creating RestrictRun key $Subkey = 'RestrictRun' If (-NOT (Test-Path "${RegistryPath}\${Key}\${Subkey}")) { New-Item -Path "${RegistryPath}\${Key}\${Subkey}" -Force | Out-Null } $ValueName1 = '1' $Value1 = firefox.exe $ValueName2 = '2' $Value2 = wordpad.exe # Now set the values for apps Set-ItemProperty -Path "${RegistryPath}\${Key}\${Subkey}" -Name $ValueName1 -Value $Value1 –Force Set-ItemProperty -Path "${RegistryPath}\${Key}\${Subkey}" -Name $ValueName2 -Value $Value2 -Force } } $userDetails=Get-wmiobject win32_useraccount | where-object{$_.status -eq 'ok'} foreach($user in $userDetails) { $sid=$user.SID Allow-certain-apps($sid) } } catch { Write-Host "Error occured while running script -> ",$_.Exception.Message } |
- Once the script is run successfully, restart the device, and the users should only be able to run the third-party apps to which you have explicitly allowed access in the script.
- Users’ access to system apps is unaffected by the script.
- To revert the changes made on the device due to the above script and allow users to access all apps, run the below command:
1Remove-Item $RestrictRunKeyPath –Force
- It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.
