Windows XP Group Policy includes a "Run only allowed Windows applications" policy. Once you enable it and add the names of the programs the system is allowed to run, users can run only the programs on the allowed applications list. However, whether or not you add gpedit.msc (Group Policy) to that list, once the policy is enabled you can no longer run gpedit.msc (Group Policy)! The following method lets you have it both ways.
① Run gpedit.msc, expand User Configuration → Administrative Templates → System, locate the "Run only allowed Windows applications" policy in the right pane and double-click it, then select Enabled in the window that opens. The Show button in that window is now active. Click Show → Add, enter the name of a program that is allowed to run, such as "Notepad.exe", and finally click OK.
Figure 1
② Do not close Group Policy yet. Try to start Group Policy from Start → Run and you will find that it no longer runs! Luckily we have not closed the Group Policy window, so in that window set the "Run only allowed Windows applications" policy to "Not Configured" and then click OK.
③ If you have already closed Group Policy, you can restore the setting as follows: restart the computer, press F8 when the startup menu appears, select "Safe Mode with Command Prompt" on the Windows Advanced Options menu, and then run mmc.exe at the command prompt. In the console window that opens, click File → Add/Remove Snap-in → Add → Group Policy → Add → Finish → Close → OK. With the Group Policy snap-in added to the console, change the setting back to its original state and then start Windows normally again.
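
The policy set in step ① is stored in the registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer as a `RestrictRun` DWORD plus a `RestrictRun` subkey holding the allowed names. The following is an added example, not part of the original tip: it parses a constructed `.reg` export of that key and reports whether the list would lock the administrator out. The `RECOVERY_TOOLS` list and the premise that mmc.exe (the console host from step ③) is the name that must be allowed for gpedit.msc to open are assumptions.

```python
import re

POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
# Assumption: names an administrator needs in order to undo the policy from the GUI.
RECOVERY_TOOLS = ("mmc.exe", "regedit.exe")

# Constructed sample export matching step 1 (only Notepad.exe allowed).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"RestrictRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun]
"1"="Notepad.exe"
'''

def parse_reg(text):
    """Return {key_path_lower: {value_name_lower: raw_data}} from a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^"([^"]*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def audit_restrict_run(text):
    """Report whether the allow list is enforced and which recovery tools it omits."""
    keys = parse_reg(text)
    flag = keys.get(POLICY_KEY.lower(), {}).get("restrictrun", "dword:00000000")
    enabled = flag.lower().startswith("dword:") and int(flag[6:], 16) != 0
    allowed = sorted(v.strip('"').lower()
                     for v in keys.get(POLICY_KEY.lower() + r"\restrictrun", {}).values())
    # Only an enforced list can lock anyone out, so report nothing when disabled.
    missing = [t for t in RECOVERY_TOOLS if enabled and t not in allowed]
    return {"enabled": enabled, "allowed": allowed, "missing": missing}

if __name__ == "__main__":
    print(audit_restrict_run(SAMPLE_EXPORT))
```

Running the audit against an export taken before the policy is rolled out shows whether the recovery path in step ③ would be needed.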