How to Lock Apps in Windows 11 Without Any Software

For a complete Windows security and privacy guide, read: /security-privacy/

Windows doesn’t care if someone opens your apps.
There’s no built-in app lock. No password layer. Nothing.

And yeah, all those blog posts telling you to install some shady locker app?
Half of them break, the other half sell your data.

So yeah, if you want control, you have to force it yourself.

What actually works (and why this is the only sane method)

Windows apps run based on executable access.
If the system can’t execute the .exe, the app is effectively locked.

So instead of trying to add a password UI like Android, you block execution at the system level.

That’s way cleaner.

No background apps. No RAM drain. No random crashes after updates.

You’re basically telling Windows
this user is not allowed to run this file.

The actual method (no garbage, just the working part)

We’re using Local Group Policy.

If you’re on Home edition, yeah, Microsoft screwed you. Skip to the workaround below.

Steps

Press Win + R
Type gpedit.msc
Go here
User Configuration > Administrative Templates > System
Find
Don't run specified Windows applications
Open it → set to Enabled
Click Show
Add the app .exe name
example
chrome.exe
notepad.exe
discord.exe

Done.

Now when someone tries to open it, Windows just blocks it. No drama.

Why this works better than fake app lockers

Most third-party lockers sit on top of the app
They wait → detect → then block

That’s already too late.

Here, the app never even starts.

No CPU usage. No race condition. No bypass by killing the locker process.

If you’re stuck on Windows 11 Home

Yeah, no gpedit.

You’ve got two real options

Option 1: Registry (same logic, more annoying)

Go to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Create key if it doesn’t exist

Add:

DisallowRun (DWORD = 1)
Create subkey DisallowRun
Inside it → add string values
1 = chrome.exe
2 = discord.exe

Same effect. Just more manual.

Option 2: Rename the executable

Low-tech but effective.

Go to app folder
Rename app.exe → app_locked.exe

Then create a small script to rename back when needed.

Not elegant. But works if you’re lazy and just want quick lock.

Real-world issues you’ll hit

Some apps spawn child processes with different .exe names
Example: Chrome has multiple processes

Blocking chrome.exe is enough to stop launch, but if something already running, it won’t kill it

Also:

Admin users can bypass this easily
Safe mode ignores a lot of this
Portable apps can still run if you don’t block them too

So this is not military-grade security
It’s practical control

Extra trick (if you actually care about privacy)

Create a separate Windows user account

Then apply this restriction only there

Now you’ve got:

your main account → full access
secondary account → locked apps

Way cleaner than fighting permissions constantly

Ending it straight

Windows won’t give you app locking because it’s not built for that model.
But the system underneath is flexible enough to fake it properly.

Just don’t fall for those app locker downloads.
They’re solving a problem Windows already lets you handle natively.

Just… hidden behind annoying menus like always.

What actually works (and why this is the only sane method)#

The actual method (no garbage, just the working part)#

Steps#

Why this works better than fake app lockers#

If you’re stuck on Windows 11 Home#

Option 1: Registry (same logic, more annoying)#

Option 2: Rename the executable#

Real-world issues you’ll hit#

Extra trick (if you actually care about privacy)#

Ending it straight#