We help IT Professionals succeed at work.

I would like to disable the run menu for all my users on my network, except for the administrator.  How do i do that?

dominicait asked
Last Modified: 2013-12-04

I would like to disable the RUN menu for the startup menu for all my network users.  At the same time leaving the access available for the administrator only.

How do i accomplish that?
thanks you for your assistance.

Watch Question

Group Policy Editor (XP Professional, Server 2003, NT, 2000, 2000 server)

here are some interesting links on it i googled http://www.google.com/search?hl=en&lr=&q=remove+RUN+command
you can do it through the registry of your win.ver doesnt support a policy editor


on the GPO (group policy object) of the group u want to disable the run as.. go to:
User configuration -> Administrative Templates ->Start Menu & Toolbar, In the right panel find "Remove Run from start menu", double click on it and choose enable

i hope this helps


Hey Rimba,

granted what you have contributed has made the most logical answer what i was looking for however, is to exclude the administrators from this setting.

What i have gathered thus far is that i need to create a new group of users with only those that i want affected by this new policy, however what i don't understand, and others out there reading this may also want to ship in, is how do i set this policy to only affect the users that i choose.  Please note that i don't want it to affect all my users, only a select few.

Thanks for your inputs thus far.

This one is on us!
(Get your first solution completely free - no credit card required)
If you're in a workgroup then I don't think you can choose which users the policy will apply to. However, you can do the reverse: choose the users you DON'T want to be affected by the policy:

1. Use Local Group Policy and set the policy to remove it from the Start Menu, as Rimba had suggested.
2. Set Deny permissions to Administrators on the hidden folder %systemroot%\system32\GroupPolicy (or anyone you don't want the policy to apply to)
*All other users will be affected

It's easier if it's in a domain:
Link the GPO to the OU/container where the affected user objects are stored
-or- set permissions on the GPO and allow only the users you choose

i trhink doing the gpo deny option and the allow it to the admin is the easier way to solve this.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.