-Login as an administarator
-Run Policy editor ( start - run - gpedit.msc )
-Navigate following folder...
Local Computer Policy\User Configuration\Administrative Templates\System in the left pane
-Now double click the option Don't Run specified Windows applications in the right pane.
-Now select the Enabled and click Show button
-In the Show Contents dialog box type the name of the application (.exe file name) which you want to allow user not to run under List of Not allowed applications statement.
For eg. type iexplore.exe not to allow Internet Explorer to run.
-If you want to add more applications then type their names under the first one and so on.
-Click OK button.
-Click Apply and then OK button in Run only specified Windows applications window.
-Close Local Group Policy Editor window and you are done.
More on Policy Editor...
How To Use the Group Policy Editor to Manage Local Computer Policy in Windows XP