If creating a policy package for SCCM: Compile to EXE, add the EXE you just created to SCCM as a package: Create Package > Environment > Program can run: Only when user is logged on > Run with user rights.
Registry
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
type: dword
value: NoRun
data: 1
Notes
Set objShell = CreateObject("WScript.Shell")
on error resume next
Set objShell = CreateObject("Wscript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Const HKEY_LOCAL_MACHINE = &H80000002
Const OverwriteExisting = TRUE
Const POPUP_TITLE = "User To SID Conversion"
'SETS CURRENT DIRECTORY TO VARIABLE
strCurrentDirectory = objShell.CurrentDirectory
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objRegistry=GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList"
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
For Each objSubkey In arrSubkeys
on error resume next
strValueName = "ProfileImagePath"
strSubPath = strKeyPath & "\" & objSubkey
objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE,strSubPath,strValueName,strValue
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objAccount = objWMIService.Get("Win32_SID.SID='" & objSubkey & "'")
strUser = objAccount.AccountName
objSubkey = trim(objSubkey)'trims whitespace
strUser = trim(strUser)'trims whitespace
if strUser = "Administrator" then strUser=""
if strUser = "Media" then strUser=""
if strUser = "Default" then strUser=""
if strUser <> "" then
on error resume next
objShell.Run "REG ADD " & chr(34) & "HKEY_Users\" & objSubkey & "\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" & chr(34) & " /v NoRun /t REG_DWORD /d 1 /f",0,false
end if
Next