Prevent access to 16-bit applications Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system. By default, the MS-DOS subsystem runs for all users on this computer. You can use this setting to turn off the MS-DOS subsystem, which will reduce resource usage and prevent users from running 16-bit applications. To run any 16-bit application or any application with 16-bit components, ntvdm.exe must be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased. If the status is set to Enabled, ntvdm.exe is prevented from running, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit components cannot run. If the status is set to Disabled, the default setting applies and the MS-DOS subsystem runs for all users on this computer. If the status is set to Not Configured, the default applies and ntvdm.exe runs for all users. However, if an administrator sets the registry DWORD value HKLMSystemCurrentControlSetControlWOWDisallowedPolicyDefault to 1, the default changes to prevent all 16-bit applications from running. Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.

[enable/disable]

(1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsApplication Compatibility!Prevent access to 16-bit applications (2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsAppCompat!VDMDisallowed