Simple Software Restriction Policy is a free software that allows only those applications to run that are located in system folders like Program Files, Windows etc., and blocks all other applications. So, if there is a hidden application that copied itself to your downloads folder and tries to run, then this software will block that. You can choose which folders should be allowed to run applications and block everything else. You can also choose to allow specific file extensions to run. When you try to execute some application from the blocked location, it will show you the error. This can be handy to prevent your PC from any malicious or unknown program, which otherwise can harm your PC if executed by mistake.
This free software achieves this by using group policy, which you can easily edit anytime you want.
In the screenshot above, you can see the error that will come when you try to run some executable file from the blocked location. It will show that ‘Your system administrator has blocked this program’.
How to Allow Applications to Run Only from Specific Locations on PC:
When you open the main interface of this software, you will find three buttons:
Lock button: Click this button if you want to enable the protection with the preset configurations. This will exclude Program Files, System folder, and other locations. That means, any application that you try to execute from these locations will run without any trouble. However, it will block other locations like desktop to run any executable file. You will see an error whenever you will try to run an application from the blocked location.
Unlock button: Use this button to temporarily disable this software. This means that any file from any location on your PC can be executed.
Configure: This button lets you change settings of this software. It opens INI file on Notepad or you can open it on your default text editor software. After opening the file, you will find a lot of text content. You need to read that text carefully so that you can understand which setting you should activate or leave. For example, Settings file contains:
- Software Policy inifile: Here, you can enter the directory that you want to let executable files run. You need to enter the location like “E:/folderpath=1”. That means, all the executable files that you try to run from a particular folder stored in E drive will run. To remove it, just add “;” in the beginning of the statement to comment it.
- Allow or block programs from desktop: If you have some executable file that you have added on desktop and want to run it from desktop only, then you can add Desktop to the whitelist. What you need to do is, scroll down the INI file to find [SoftwarePolicy]. There you will find “;Allow programs to be run from desktop…..“. You can Enter and write “AddDesktop=1“. See the screenshot below:
This simply means that you are allowing desktop location to run any Executable application.
There are a lot more sections in this file that lets you accurately configure the software as per your needs. You will need to scroll down the INI file to see what’s available.
This software is not an alternative to antivirus software, anti-ransomware software, or some other security tool. However, it is a very good option when you want to block applications from the specified locations. There are software that can block applications from running, but you need to manually enter the path of each individual program. This software provides a more powerful option because it simply blocks the whole location like the full desktop, hard drive, etc., and prevent running any application file.