Group policy is a nifty little Windows utility for network administrators that can be used to deploy user, security and networking policies to a whole network of computers on the individual machine level. This issue has been and continues to be a problem for countless Windows 7/8/10 users and can affect a wide variety of different applications and programs and can even affect more than one program/application on a single affected computer.
This problem is, in almost all cases, caused by the affected user enabling the Software Restriction Policy and forgetting about it or another application or bug somehow enabling the Software Restriction Policy. However, this issue can also be caused by a program – such as a third-party security program – being configured to block certain applications from running which, for some reason, displays the “This program is blocked by group policy” error message when the user tries to run a blocked application. As there are a variety of different possible causes of this issue, there is also a wide range of different prospective solutions, the following being the most effective ones:
Solution 1: Disable the Software Restriction Policy using a .BAT file
Open a fresh new instance of Notepad. Type or paste the following text into the blank instance of Notepad: Press Ctrl + S to save the new document. Navigate to where you want the file to be saved. Open the dropdown menu in front of Save as type and click on All Files. You can name the file anything, as long as you give it a .BAT For example, naming the file solution.bat will be just fine. Click on Save. Navigate to where you saved the .BAT file and double click on it to launch it. If asked to confirm the action in a popup, confirm it. The .BAT file will launch a Command Prompt and execute the command programmed into it, but this only takes a couple of seconds on even the slowest of computers. Once the .BAT file is done running the command and the Command Prompt has been closed, restart your computer.
When the computer boots up, try launching (each of) the affected application(s), and they should launch successfully.
Solution 2: Delete any and all configured group policies using the Registry Editor
When a group policy is configured on a network, registry values for the created group policy are added to the registries of every single computer that is connected to the network. This also holds true in the case of the Software Restriction Policy, which is why you can disable the Software Restriction Policy by using the Registry Editor to delete any and all configured group policies. In order to do so, you need to: Press the Windows Logo key + R to open a Run Type regedit into the Run dialog and press Enter to launch the Registry Editor. In the left pane of the Registry Editor, navigate to the following directory: In the left pane, locate and right-click on the Microsoft sub-key under the Policies registry key, click on Delete in the context menu and click on Yes in the resulting popup to confirm the action. In the left pane of the Registry Editor, navigate to the following directory: In the left pane, locate and right-click on the Microsoft sub-key under the Policies registry key, click on Delete in the context menu and click on Yes in the resulting popup to confirm the action. In the left pane of the Registry Editor, navigate to the following directory: In the left pane, locate and right-click on the Group Policy Objects sub-key under the CurrentVersion registry key, click on Delete in the context menu and click on Yes in the resulting popup to confirm the action. In the left pane of the Registry Editor, navigate to the following directory: In the left pane, locate and right-click on the Policies sub-key under the CurrentVersion registry key, click on Delete in the context menu and click on Yes in the resulting popup to confirm the action. Close the Registry Editor. Restart the computer. When the computer boots up, if the Software Restriction Policy was enabled, it will no longer be in effect so you should be able to successfully launch and run all affected programs. Note: If, while attempting this solution, you find that one of the registry keys that need to be deleted is missing from your computer, simply skip that step and move on to the next one.
Solution 3: Disable Symantec Endpoint Protection’s program-blocking feature
Symantec Endpoint Protection comes with the option to block all programs on removable drives from running, and having this option enabled can lead to the “This program is blocked by group policy” error message popping up when you try to launch a blocked program. If that is the case, you should be able fix the issue by simply disabling Symantec Endpoint Protection’s program-blocking feature. In order to do so, you need to: Launch the Symantec Endpoint Protection Manager. Locate and navigate to the program’s Application and Device Control In the left pane of the Application and Device Control window, click on Application Control. Make sure that the checkbox beside the Block programs from running from removable drives (AC2) Application Control policy is empty and not checked, meaning that the policy is disabled. If the checkbox is checked and the policy is enabled, uncheck and disable it.
Save the changes you have made. Close the Symantec Endpoint Protection Manager. Restart your computer – the changes will take effect once your computer boots up, after which you can check to see whether or not the issue has been resolved. Note: This solution is only for affected users who have Symantec Endpoint Protection installed on their computers.
Fix: Windows Defender Blocked by Group Policy Error 0x800704ecFix: Windows Firewall has blocked some features of this program or appFIX: WindowsStore.admx Error in Local Group Policy EditorFix: The Group Policy Client Service Failed the Logon