Using AppLocker to lock down software

AppLocker is much better than software restriction policies, but it only works on Windows Server 2008 R2, Windows 7 and later.

Do not use both AppLocker and software restriction policies in the same group policy: where AppLocker rules are present, they are applied and the software restriction policies are ignored.

To create an AppLocker policy, navigate to:

Computer Configuration => Windows Settings => Security Settings => Application Control Policies => AppLocker

Right-click on AppLocker and select Properties.

Tick Configured, select Enforce rules and click OK.

Right-click on Executable Rules and select Create Default Rules.

With AppLocker everything is blocked except what is explicitly allowed. If you do not create the default rules, which allow the standard Windows locations, you can stop Windows itself from running.

Right-click on Executable Rules again and this time select Automatically Generate Rules.

Select the security group you want these rules to apply to.

Click Create and the rules are generated automatically.

Now, to create a specific rule, right-click on Executable Rules and select Create New Rule.

Click Next.

Choose Allow or Deny and the group you want this rule to apply to, then click Next.

Next you have a choice of condition: Publisher, Path or File Hash. Make your selection and click Next.

Select a reference file; in this case I am using Paint.

Then click Create and the rule appears in the list.
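
The same steps can be scripted with the AppLocker PowerShell module, which also lets you dry-run the policy before it is enforced. The following is an added example and not part of the original post; the scanned folder, the group name and the GPO LDAP path are assumptions to replace with your own. Note that the test deliberately includes cmd.exe, which this policy does not cover: the Denied result is exactly what happens to Windows binaries when the default rules are missing.

```powershell
# Added example, not from the original post. Run in an elevated session on the
# machine that holds the reference files. Folder, group and GPO path are assumptions.
Import-Module AppLocker

# Equivalent of "Automatically Generate Rules": scan a folder and build a rule for
# every executable found. Publisher rules are used for signed files, Hash rules
# for anything unsigned. (Assumed folder.)
$scanned = Get-AppLockerFileInformation -Directory 'C:\Program Files\Contoso' -Recurse -FileType Exe

# Equivalent of "Create New Rule" with a Publisher condition, using Paint as the
# reference file, as in the walkthrough. Its signature becomes the rule condition.
$paint = Get-AppLockerFileInformation -Path "$env:SystemRoot\System32\mspaint.exe"

$fileInfo  = @($scanned) + @($paint)
$policyXml = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User 'CONTOSO\Standard Users' `
        -RuleNamePrefix Contoso -Optimize -Xml          # assumed group name

# New-AppLockerPolicy emits the Exe collection with EnforcementMode="NotConfigured".
# Switch it to audit first: files that would be blocked only log event 8003 in the
# "Microsoft-Windows-AppLocker/EXE and DLL" log instead of being denied.
$policyXml = $policyXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
$policyXml | Set-Content -Path .\AppLocker-Exe.xml

# Dry run against candidate files. Each result shows the file, the decision and the
# matching rule. cmd.exe comes back Denied because this XML has no default rules.
Test-AppLockerPolicy -XmlPolicy .\AppLocker-Exe.xml -User 'CONTOSO\Standard Users' `
    -Path "$env:SystemRoot\System32\mspaint.exe", "$env:SystemRoot\System32\cmd.exe" |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Deploy. -Merge adds these rules to the existing policy (including the default
# rules created in the GUI) rather than replacing it.
Set-AppLockerPolicy -XmlPolicy .\AppLocker-Exe.xml -Merge

# To write into the GPO from the walkthrough instead, pass its LDAP path
# (placeholder GUID and domain; take the real values from the GPO's properties):
# Set-AppLockerPolicy -XmlPolicy .\AppLocker-Exe.xml -Merge `
#     -Ldap 'LDAP://dc1.contoso.com/CN={GPO-GUID},CN=Policies,CN=System,DC=contoso,DC=com'
```

Keep the policy in AuditOnly until the 8003 events for the target group have gone quiet, then change the attribute to Enabled and redeploy; that is the scripted equivalent of the Enforce rules setting chosen in the AppLocker properties dialog.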

To make AppLocker work on a client, the Application Identity service needs to be set to start automatically. This can be done with group policy.

Or using a Group Policy preference.

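On a single test client, or to confirm that the group policy has taken effect, the service can be configured and checked directly. This is an added example, not part of the original post; it assumes an elevated session on the client.

```powershell
# Added example, not from the original post. Run elevated on the client.

# Set the Application Identity service (AppIDSvc) to start automatically.
# On newer Windows 10 builds AppIDSvc is a protected service and
# Set-Service -StartupType is refused with "Access is denied", so use sc.exe.
# (Plain "sc" is PowerShell's alias for Set-Content; the .exe suffix matters.)
sc.exe config appidsvc start= auto
Start-Service -Name AppIDSvc

# Confirm the service state and start type.
Get-Service -Name AppIDSvc | Select-Object Name, Status, StartType

# Show the policy actually in effect on this client once group policy has applied.
Get-AppLockerPolicy -Effective -Xml

# Recent AppLocker decisions: 8003 = would have been blocked (audit mode),
# 8004 = blocked (enforce mode). 8002 is an allowed execution.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003, 8004 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

If Get-AppLockerPolicy -Effective returns no rules after a gpupdate, check that the GPO is linked to the computer's OU and that the Application Identity service is actually running; without it, the rules are never evaluated and nothing is written to the AppLocker event log.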