My servers are running inside VMWARE workstation 15 pro.  I would like to lock down the host computers.  Specifically, I want to use a non-administrator account on the host (after initial setup of the VPN).  I’ve configured the group policy setting, “User Configuration > Administrative Templates, -> System -> Run only specified Windows applications,“ and applied it to non-administrators.  After doing this and logging in as a non-administrator, I was not able to run anything as expected.  I then added vmware.exe to the list of exceptions but I was not able to open it. I then added every executable inside the VMWARE program directory but, still, I was not able to open it.  I then added, as a test, cmd and notepad, and both of those started working.  I also turned off the setting and the non-administrator was able to run vmware then.  My suspicion is that VMWARE is relying on one or more windows processes that are getting blocked by the group policy setting but I can’t find anything that lists it. Does anyone know or has anyone tried this?

I am aware that there is the reverse setting, “Don’t run specified Windows applications,” but it seems like an awful lot of work when, essentially, I don’t want anything to work for this regular user (not regedit, not powershell, and so many more), except I want them to be able to double click the VMWARE icon and start the virtual server.