Fix: This Program is Blocked by Group Policy

Kevin ArrowsUpdated on January 20, 2024
Kevin is a certified Network Engineer

When trying to launch an application or program on a Windows 7/8/10 computer, many users have reported the respective application or program not opening and being met with an error message basically stating that the application or program cannot be opened because it is being blocked by group policy. The whole error message reads:

This program is blocked by group policy. For more information, contact your system administrator.

Group policy is a nifty little Windows utility for network administrators that can be used to deploy user, security and networking policies to a whole network of computers on the individual machine level. This issue has been and continues to be a problem for countless Windows 7/8/10 users and can affect a wide variety of different applications and programs and can even affect more than one program/application on a single affected computer.

this-program-is-blocked-by-group-policy

This problem is, in almost all cases, caused by the affected user enabling the Software Restriction Policy and forgetting about it or another application or bug somehow enabling the Software Restriction Policy. However, this issue can also be caused by a program – such as a third-party security program – being configured to block certain applications from running which, for some reason, displays the “This program is blocked by group policy” error message when the user tries to run a blocked application.

As there are a variety of different possible causes of this issue, there is also a wide range of different prospective solutions, the following being the most effective ones:

Solution 1: Disable the Software Restriction Policy using a .BAT file

Open a fresh new instance of Notepad.

Type or paste the following text into the blank instance of Notepad:

REG ADD HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ /v DefaultLevel /t REG_DWORD /d 0x00040000 /f

Press Ctrl + S to save the new document.

Navigate to where you want the file to be saved.

Open the dropdown menu in front of Save as type and click on All Files.

You can name the file anything, as long as you give it a .BAT For example, naming the file solution.bat will be just fine.

Click on Save.

Navigate to where you saved the .BAT file and double click on it to launch it.

If asked to confirm the action in a popup, confirm it.

The .BAT file will launch a Command Prompt and execute the command programmed into it, but this only takes a couple of seconds on even the slowest of computers. Once the .BAT file is done running the command and the Command Prompt has been closed, restart your computer.

this-program-is-blocked-by-group-policy

When the computer boots up, try launching (each of) the affected application(s), and they should launch successfully.

Solution 2: Delete any and all configured group policies using the Registry Editor

When a group policy is configured on a network, registry values for the created group policy are added to the registries of every single computer that is connected to the network. This also holds true in the case of the Software Restriction Policy, which is why you can disable the Software Restriction Policy by using the Registry Editor to delete any and all configured group policies. In order to do so, you need to:

Press the Windows Logo key + R to open a Run

Type regedit into the Run dialog and press Enter to launch the Registry Editor.

In the left pane of the Registry Editor, navigate to the following directory:

HKEY_LOCAL_MACHINE > Software > Policies

In the left pane, locate and right-click on the Microsoft sub-key under the Policies registry key, click on Delete in the context menu and click on Yes in the resulting popup to confirm the action.

In the left pane of the Registry Editor, navigate to the following directory:

HKEY_CURRENT_USER > Software > Policies

In the left pane, locate and right-click on the Microsoft sub-key under the Policies registry key, click on Delete in the context menu and click on Yes in the resulting popup to confirm the action.

In the left pane of the Registry Editor, navigate to the following directory:

HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion

In the left pane, locate and right-click on the Group Policy Objects sub-key under the CurrentVersion registry key, click on Delete in the context menu and click on Yes in the resulting popup to confirm the action.

In the left pane of the Registry Editor, navigate to the following directory:

HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion

In the left pane, locate and right-click on the Policies sub-key under the CurrentVersion registry key, click on Delete in the context menu and click on Yes in the resulting popup to confirm the action.

Close the Registry Editor.

Restart the computer.

When the computer boots up, if the Software Restriction Policy was enabled, it will no longer be in effect so you should be able to successfully launch and run all affected programs.

Note: If, while attempting this solution, you find that one of the registry keys that need to be deleted is missing from your computer, simply skip that step and move on to the next one.

Solution 3: Disable Symantec Endpoint Protection’s program-blocking feature

Symantec Endpoint Protection comes with the option to block all programs on removable drives from running, and having this option enabled can lead to the “This program is blocked by group policy” error message popping up when you try to launch a blocked program. If that is the case, you should be able fix the issue by simply disabling Symantec Endpoint Protection’s program-blocking feature. In order to do so, you need to:

Launch the Symantec Endpoint Protection Manager.

Locate and navigate to the program’s Application and Device Control

In the left pane of the Application and Device Control window, click on Application Control.

Make sure that the checkbox beside the Block programs from running from removable drives (AC2) Application Control policy is empty and not checked, meaning that the policy is disabled. If the checkbox is checked and the policy is enabled, uncheck and disable it.

application-and-device-control-policy

Save the changes you have made.

Close the Symantec Endpoint Protection Manager.

Restart your computer – the changes will take effect once your computer boots up, after which you can check to see whether or not the issue has been resolved.

Note: This solution is only for affected users who have Symantec Endpoint Protection installed on their computers.

Kevin ArrowsUpdated on January 20, 2024
Kevin is a certified Network Engineer
ABOUT THE AUTHOR
Photo of Kevin Arrows

Kevin Arrows


Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.