I had always wished for a feature in Windows which gives me Access control system where I can define which users have access to which programs. May be we get it in Windows Next but till then you can use the Group Policy Editor of Windows 7 to define which programs can be started by Windows user.
- Go to Group Policy Editor by typing gpedit in run or Group Policy Editor in Start menu Search
- Navigate to User Configuration\Administrative Templates\System and look for “Run only specified Windows applications”.
Enable it and click on Show List and here you can add which applications ( exact executable name ) to the List of Allowed Applications.
However there are few drawbacks of this system i.e. if somebody invokes this program from Command Line or Task Manager > Run , it will override the settings you just made above as they both have higher privilege.