Application blocking is disabled by default. You must enable it manually, configure conditions to control the users eligible for application blocking, and define a custom error message.
- Start the User Environment Manager Management Console.
- On the User Environment tab, select Application Blocking.
- Click Global Configuration.
- Select Enable Application Blocking.
- Click Add in the Conditions section to configure conditions to control which users have application blocking enabled.
- Click Add in the Message section to add a parent application that displays a custom error message when it attempts to start a blocked application.
Most commonly the parent applications used are explorer.exe, located in C:\Windows\ and cmd.exe, located in C:\Windows\System32. If one of the configured parent applications attempts to start a blocked application, the configured message is displayed instead of the default message. The configurable message can only be displayed if DirectFlex is enabled for the user session. Without DirectFlex, a blocked application remains blocked, and the standard Windows error message is displayed.
- Enter a message title, message text, and the amount of time for which the message appears.
- Click OK.
With application blocking enabled, only applications from the Windows folder, C:\Program Files, and C:\Program Files (x86) are allowed to run.
What to do next
To allow and block additional paths, see Allow and Block Additional Applications.