For a complete Windows security and privacy guide, read: /security-privacy/
Windows doesn’t care if someone opens your apps.
There’s no built-in app lock. No password layer. Nothing.
And yeah, all those blog posts telling you to install some shady locker app?
Half of them break, the other half sell your data.
So yeah, if you want control, you have to force it yourself.
What actually works (and why this is the only sane method)
Windows apps run based on executable access.
If the system can’t execute the .exe, the app is effectively locked.
So instead of trying to add a password UI like Android, you block execution at the system level.
That’s way cleaner.
No background apps. No RAM drain. No random crashes after updates.
You’re basically telling Windows
this user is not allowed to run this file.
The actual method (no garbage, just the working part)
We’re using Local Group Policy.
If you’re on Home edition, yeah, Microsoft screwed you. Skip to the workaround below.
Steps
Press
Win + R
Typegpedit.mscGo here
User Configuration > Administrative Templates > SystemFind
Don't run specified Windows applicationsOpen it → set to Enabled
Click
ShowAdd the app
.exename
examplechrome.exenotepad.exediscord.exe
Done.
Now when someone tries to open it, Windows just blocks it. No drama.
Why this works better than fake app lockers
Most third-party lockers sit on top of the app
They wait → detect → then block
That’s already too late.
Here, the app never even starts.
No CPU usage. No race condition. No bypass by killing the locker process.
If you’re stuck on Windows 11 Home
Yeah, no gpedit.
You’ve got two real options
Option 1: Registry (same logic, more annoying)
Go toHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Create key if it doesn’t exist
Add:
DisallowRun(DWORD = 1)- Create subkey
DisallowRun - Inside it → add string values
1 = chrome.exe2 = discord.exe
Same effect. Just more manual.
Option 2: Rename the executable
Low-tech but effective.
Go to app folder
Rename app.exe → app_locked.exe
Then create a small script to rename back when needed.
Not elegant. But works if you’re lazy and just want quick lock.
Real-world issues you’ll hit
Some apps spawn child processes with different .exe names
Example: Chrome has multiple processes
Blocking chrome.exe is enough to stop launch, but if something already running, it won’t kill it
Also:
- Admin users can bypass this easily
- Safe mode ignores a lot of this
- Portable apps can still run if you don’t block them too
So this is not military-grade security
It’s practical control
Extra trick (if you actually care about privacy)
Create a separate Windows user account
Then apply this restriction only there
Now you’ve got:
- your main account → full access
- secondary account → locked apps
Way cleaner than fighting permissions constantly
Ending it straight
Windows won’t give you app locking because it’s not built for that model.
But the system underneath is flexible enough to fake it properly.
Just don’t fall for those app locker downloads.
They’re solving a problem Windows already lets you handle natively.
Just… hidden behind annoying menus like always.
