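# Applies the Explorer "RestrictRun" policy ("Run only specified Windows
# applications") so that only Firefox and Edge are on the allow list, then
# forces a reboot.
#
# Scope caveat: Microsoft documents this policy as applying only to programs
# started by the File Explorer process. Programs started by other processes
# (for example from a command prompt) are not covered, so treat it as a shell
# restriction rather than an application-control boundary. Where real allow
# listing is required, use AppLocker or Windows Defender Application Control.
try {
    # Registry path that holds the Explorer policies.
    # NOTE(review): "Run only specified Windows applications" is a User
    # Configuration policy and is normally stored under HKCU - confirm that
    # the HKLM location is honoured on the target Windows build.
    $RegistryPath = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

    # Subkey that holds the allow list itself.
    $SubKey = "$RegistryPath\RestrictRun"

    # Allowed applications (only Firefox and Edge).
    # The policy's documented format is the executable file name, not a full
    # path. A list of full paths is not expected to match any program and
    # would leave the user unable to start anything from Explorer.
    $AllowedApps = @{
        "1" = "firefox.exe"   # Mozilla Firefox
        "2" = "msedge.exe"    # Microsoft Edge
    }

    # -ErrorAction Stop turns the cmdlets' non-terminating errors (e.g. access
    # denied when not elevated) into exceptions, so a failed write reaches the
    # catch block instead of falling through to the forced restart below.
    if (-NOT (Test-Path $RegistryPath)) {
        New-Item -Path $RegistryPath -Force -ErrorAction Stop | Out-Null
    }

    if (-NOT (Test-Path $SubKey)) {
        New-Item -Path $SubKey -Force -ErrorAction Stop | Out-Null
    }

    # Clear previous entries so stale allow-list items do not survive.
    # The entries are registry *values* of the key; Get-ChildItem enumerates
    # subkeys only and would leave them in place, so use Clear-Item, which
    # removes every value of the key while keeping the key itself.
    Clear-Item -Path $SubKey -ErrorAction Stop

    # Write the allow list before switching the policy on, so the policy is
    # never active with an empty or half-written list.
    $AllowedApps.GetEnumerator() | ForEach-Object {
        Set-ItemProperty -Path $SubKey -Name $_.Key -Value $_.Value -Type String -Force -ErrorAction Stop
    }

    # Enable the RestrictRun policy (DWORD 1).
    Set-ItemProperty -Path $RegistryPath -Name "RestrictRun" -Value 1 -Type DWord -Force -ErrorAction Stop

    Write-Output "RestrictRun policy applied successfully, allowing only Firefox and Edge."
    Write-Output "A system restart is required for the changes to take effect."

    # Restart the system. -Force reboots without waiting for logged-on users,
    # so unsaved work in open sessions is lost.
    Restart-Computer -Force
}
catch {
    # Reached on any failed registry operation above; no restart is issued.
    Write-Output "Failed to apply RestrictRun policy -> $($_.Exception.Message)"
}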