AppLocker is a customizable rules that allow/disallow applications, scripts and installers on a per user or per group basis. By using this feature, an administrators can ensure that security and licensing compliance needs are met, and to provide granular level security to align with corporate security compliance. You can configure the following rules in AppLocker via group policy object
- Executable Rules
- Windows Installer Rules
- Script Rules
- Packaged App Rules
AppLocker can be found in Computer ConfigurationWindows SettingsSecurity SettingsApplication Control PoliciesAppLocker location shown in picture
an administrator creates or edits a Group Policy Object based on business needs. Rules can be created to allow/deny any applications/scripts/installers to run per user or per group. The following is an example to create a rule allowing Adobe Acrobat using AppLocker.
Right Click on Executable Rules, Click Create New Rule
On the Permission page, Click Allow, Click Next
Select Publisher, Click Next
Click Browse and go to the C:Program Files (x86)AdobeAcrobat 10.0Acrobat and select Acrobat.exe. If you would like to select specific version, Click Next otherwise drag mouse product name shown product name. in this way you have selected Adobe Acrobat and any version will be allowed by this rule.
On the Exceptions page, Click Next
On the Name page, Click Create.
Now you will see the rule in the following screen
AppLocker is a robust tool to manage corporate compliance and security on the desktop and server platform.
Blog by Raihan Al-Beruni 