View Full Version : Restricting the processes that can be launched / run on an XP machine

30-11-2008, 10:54 AM
I have an XP machine that we use to control the Projector at church - We run powerpoints through it, and the occasional video.

I'd like to be able to restrict the processes that run on it to a small white-list as such, so that I can have anybody sit down on it, and know that if they are running it that they cant just fire up Hearts or something.

I *could* just say to the operators "please pay attention and dont go playing games", but sometimes there's the little extra 'encouragement' if you will thats needed. Its just not fair on the people in the congregation if the operator isnt "with it"...

So yeah, something where I can whitelist application 1, 2, 3 & 4, and nothing else new is allowed to be run.

If there was the ability to have timed lock-downs, that would be super-cool! So say from time X to Y every week the restrictions were imposed, but not outside of that time :)

Anybody know of such an application?



Speedy Gonzales
30-11-2008, 10:57 AM
Is it Pro or Home?

30-11-2008, 11:13 AM
Pro :)

30-11-2008, 11:37 AM
Group/Local Policy can do that I think.

Or something like FreshUI (http://www.freshdevices.com/freshui.html) - this also allows you to lock down the system as much as you want :p It needs to be an Admin account (at least while FreshUI is being configured) though as it needs to write to the registry

Access the whitelist in FreshUI by going to Windows System > Security > Allow Specified Applications. Make sure you put the .exe extension in, or you won't be able to open anything. Also add freshui.exe so it can be reconfigured in the future if necessary.

30-11-2008, 11:38 AM
Pro :)

Sweet - pretty sure you should be to do it with group policy

01-12-2008, 07:56 AM
Make sure you allow critical system apps to run - otherwise it WILL break. :eek:

IMO it would be better to blacklist games etc, rather than whitelist some - you could miss a system file.

01-12-2008, 08:12 AM
You could try Microsofts Steady State (http://www.microsoft.com/windows/products/winfamily/sharedaccess/default.mspx) - you would have two accounts - yours with full admin rights and password protected, steady state is loaded via the admin account then the restrictions applied to the "users" account, in the users account - you can disable / lock down almost every thing, either permanently while logged in or on a time basis and only allow what you want the operator to do.-password required to make any alterations.Some of the restrictions (http://www.microsoft.com/windows/products/winfamily/sharedaccess/whatis/userrestrictions.mspx)

07-12-2008, 08:48 AM
Steadystate looks like just the ticket!!

I was just remembering this morning I had to look into it, and my problem was I not only wanted to be able to easily enforce / lift the restrictions, but to be able to prevent the "user" from shutting down the machine (Causes nightmares at times).

Will give it a whirl shortly and post back with the results

Thanks to all


07-12-2008, 10:12 AM
+1 for steady state, should do exactly what you want plus more

07-12-2008, 08:23 PM
Sounds like you don't need most of them so why not just delete them.

08-12-2008, 03:37 PM
I have deleted most of the unwanted apps, but there's currently nothing from stopping somebody from going on and grabbing more.

Steadystates cool, has locked off the shutdown buttons so Im the only one who can do it after logging in as the Admin User, not to mention Ive restricted functionality to the web browser and a few other bits and pieces which will hopefully save the PC in the long-run :)

Thanks to all who posted

08-12-2008, 04:21 PM
Steadystates cool, has locked off the shutdown buttons so Im the only one who can do it after logging in as the Admin User,

Can they not just log off and press Turn Off Computer or press the power button?