Sunday, February 21, 2010

Windows Server 2008 R2 9

AppLocker in Windows 7 and 2008 R2 lets you decide who can run which applications on the desktops. AppLocker can now be applied through GPO settings. It is found under Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker.
For AppLocker to work, the Application Identity service has to be running. It is not turned on by default, so we have to enforce it through GPO. To do this, browse to Computer Configuration > Preferences > Control Panel Settings > Services, then add the AppIDSvc service.

AppLocker lets you create rules that decide who gets to run what. Before we do anything else, we need to create the default rules. If you don't create the default rules, users will be locked out of their computers.

We then create rules by using the Create Executable Rules wizard.

After we're done with our rules, we should then go over to the AppLocker page to enforce all rules.
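
A check that can be run on a client before the rules are switched to enforced, added here as an example and not part of the original post: it confirms that the Application Identity service is running, that the default path rules are present in the effective policy, and how sample files would be evaluated. The sample file paths and the `Everyone` test user are assumptions.

```powershell
# Added example: pre-enforcement check for the steps described above.
# Run on a client that receives the AppLocker GPO.
Import-Module AppLocker

# 1. AppLocker rules are only evaluated while the Application Identity
#    service (AppIDSvc) is running.
$svc = Get-Service -Name AppIDSvc
"AppIDSvc status: $($svc.Status)"
if ($svc.Status -ne 'Running') {
    Write-Warning 'AppIDSvc is not running; AppLocker rules are not being applied.'
}

# 2. Read the effective policy (local policy merged with GPO) as XML and
#    pick out the executable rule collection.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$exe = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
"Exe rule enforcement mode: $($exe.EnforcementMode)"

# 3. The default executable rules allow everything under the Windows and
#    Program Files folders. Without them, enforcing the policy blocks the
#    programs users need in order to work at all.
$allowPaths = @(
    $exe.FilePathRule |
        Where-Object { $_.Action -eq 'Allow' } |
        ForEach-Object { $_.Conditions.FilePathCondition.Path }
)
foreach ($path in '%WINDIR%\*', '%PROGRAMFILES%\*') {
    if ($allowPaths -notcontains $path) {
        Write-Warning "No allow rule found for $path (default rule missing)."
    }
}

# 4. Ask AppLocker how it would treat some files for a given user.
#    These sample paths and the user are assumptions; substitute your own.
$samples = @(
    "$env:WINDIR\System32\notepad.exe",
    "$env:WINDIR\explorer.exe"
)
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $samples -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
```

A `PolicyDecision` of `DeniedByDefault` for a file under the Windows folder means no allow rule covers it, which is the lockout condition the default rules exist to prevent.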

A restricted program would appear like this on a client machine:
