How to Restrict App Launches to Microsoft Store Only in Windows 10 and Add Apps to the Allowed List

In Windows 10, you can limit the ability to run applications that aren’t installed from the Microsoft Store. This can help enhance security and control installed programs, especially on devices used for work or by children. In this guide, we’ll explore how to set up restrictions on third-party applications and add specific programs to the allowed list.

Step 1: Enabling App Launch Restrictions

To restrict the installation and launch of applications not tied to the Microsoft Store, follow these steps:

  1. Open Settings in Windows 10 by pressing Win + I.
  2. Go to the Apps section.
  3. Select the Apps & features tab.
  4. Under Choose where to get apps, select Microsoft Store only.

By setting this restriction, users will only be able to install applications verified and available through the Microsoft Store. This significantly reduces the risk of installing potentially harmful software.

Step 2: Adding Apps to the Allowed List

If you need to run an application not available in the Microsoft Store, you can add it to the exceptions. You can do this using Group Policy settings or the Registry Editor.

Using the Group Policy Editor (Only for Windows 10 Pro and Enterprise)

This method is applicable for Windows 10 Pro and Enterprise versions:

  1. Press Win + R and type gpedit.msc to open the Local Group Policy Editor.
  2. Go to Computer ConfigurationAdministrative TemplatesSystem.
  3. Open the setting Run Only Specified Windows Applications.
  4. Select Enabled, then click Show to specify the list of apps to allow or block.
  5. Enter the names of the applications you want to allow (e.g., appname.exe), then save your changes.

Using the Registry Editor to Add Exceptions

For all versions of Windows 10, you can use the Registry Editor:

  1. Press Win + R and type regedit to open the Registry Editor.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer.
  3. Create the DisallowRun key if it doesn’t already exist. To do this, right-click on Explorer, select New → Key, and name it DisallowRun.
  4. Within the DisallowRun key, create a new string value for each app you want to block. For instance, use 1 with a value of appname.exe.