Application blocking is disabled by default. You must enable it manually, configure conditions to control the users eligible for application blocking, and define a custom message.

Procedure

  1. Start the User Environment Manager Management Console.
  2. On the User Environment tab, select Application Blocking.
  3. Click Global Configuration.
  4. Select Enable Application Blocking.
  5. Click Add in the Conditions section to configure conditions to control which users have application blocking enabled.
  6. Click Add in the Message section to add a parent application that displays a custom message when it attempts to start a blocked application.

    Most commonly the parent applications used are explorer.exe, located in C:\Windows\ and cmd.exe, located in C:\Windows\System32. If one of the configured parent applications attempts to start a blocked application, the configured message is displayed instead of the default message.

  7. Enter a message title, message text, and the amount of time for which the message appears.
  8. Click OK.

Results

With application blocking enabled, only applications from the Windows folder, C:\Program Files, and C:\Program Files (x86) are allowed to run.

What to do next

To allow and block additional paths, see Allow and Block Additional Applications.