• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 201
  • Last Modified:

I would like to disable the run menu for all my users on my network, except for the administrator. How do i do that?


I would like to disable the RUN menu for the startup menu for all my network users.  At the same time leaving the access available for the administrator only.

How do i accomplish that?
thanks you for your assistance.

1 Solution
Group Policy Editor (XP Professional, Server 2003, NT, 2000, 2000 server)

here are some interesting links on it i googled http://www.google.com/search?hl=en&lr=&q=remove+RUN+command
you can do it through the registry of your win.ver doesnt support a policy editor

on the GPO (group policy object) of the group u want to disable the run as.. go to:
User configuration -> Administrative Templates ->Start Menu & Toolbar, In the right panel find "Remove Run from start menu", double click on it and choose enable

i hope this helps
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

dominicaitAuthor Commented:
Hey Rimba,

granted what you have contributed has made the most logical answer what i was looking for however, is to exclude the administrators from this setting.

What i have gathered thus far is that i need to create a new group of users with only those that i want affected by this new policy, however what i don't understand, and others out there reading this may also want to ship in, is how do i set this policy to only affect the users that i choose.  Please note that i don't want it to affect all my users, only a select few.

Thanks for your inputs thus far.

2 options: you add a gpo for the administrator where u disable this option, or you enable oit on the computer itself (on each user u want to forbid this) for the second option you could create a value on the registry:

Key: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Name: NoRun
Value: 1
If you're in a workgroup then I don't think you can choose which users the policy will apply to. However, you can do the reverse: choose the users you DON'T want to be affected by the policy:

1. Use Local Group Policy and set the policy to remove it from the Start Menu, as Rimba had suggested.
2. Set Deny permissions to Administrators on the hidden folder %systemroot%\system32\GroupPolicy (or anyone you don't want the policy to apply to)
*All other users will be affected

It's easier if it's in a domain:
Link the GPO to the OU/container where the affected user objects are stored
-or- set permissions on the GPO and allow only the users you choose
i trhink doing the gpo deny option and the allow it to the admin is the easier way to solve this.

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now