locking down a profile on windows 7

How can I lock down a profile via GP to basically only allow one program to be used.
For example, I want the programs/features, control panel, etc... removed
Also want the games, actually the entire all programs removed.
Also want to remove all browsers as well.

I just need to create a shortcut on the desktop that points to an exe on the local C drive that runs an application, besides that, I don't want the user to have any other access.

Is that possible, and how would I do that?  

The account doesn't have to be pushed out via GP, but it needs to be an Active Directory account, so I have different individuals use the same account.
DanNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph MoodyBlogger and wearer of all hats.Commented:
The easiest way is to specify a custom user interface for that user in Group Policy. You would set that interface to be the program that should be launched.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
For what you are looking for you will need to create a GPO specifically for User Policies. From the User Configuration Policy you can lock down everything. See the screenshot below.
Also there is a System Folder as well in the scrrenshot you can use this to lockdown further settings.

You can then use Group Policy Preferences to add the shortcut to the users desktop.

David Johnson, CD, MVPOwnerCommented:
Which version of Windows 7? Enterprise or Ultimate can use Applocker
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

DanNetwork EngineerAuthor Commented:
So I have pretty much made the changes that I want, but how do I now install the program for this restricted user account and add the shortcut to the desktop, because I prohibited all access to create items on the desktop.
DanNetwork EngineerAuthor Commented:
I am using windows 7 pro, on a domain
With pro, you could use software restriction policies. Those can use whitelists of allowed programs. https://technet.microsoft.com/en-us/library/hh831534.aspx?f=255&MSPPError=-2147217396 (article is for win8, but same for 7).
DanNetwork EngineerAuthor Commented:
Thanks everyone, I just used GP, as it seems to be the easiest way.
I wonder why you don't use Software restriction policies. Since it can whitelist, it surely comes closest to what you asked for.
DanNetwork EngineerAuthor Commented:
McKnife, I looked at the article, but it was a bit confusing.  So I opened GP, under same GP object, and then created a software restriction policy, but I don't see how I can use this for what I want?

Do you know of a website that shows in step by step how to configure the software restriction policies?

Because the only thing I want any user to be able to do is run a program that is on the desktop, and nothing else,  so my computer, all programs, devices and printers, control panel, everything is hidden, or removed and I don't see how I can do that with the software restriction policies.
DanNetwork EngineerAuthor Commented:
my bad, I will do that next time. By the way, I briefly looked at the sites you suggested, but how is that any easier than using GP the way I've done it?  It almost looks more complicated?
SRPs in short: Define a white list, set the rest to blocked. With other GPOs, you can't do that.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.