AppLocker
AppLocker lets you restrict which programs are allowed to run.
- 1. Open the security policies by running secpol.msc. Select Application control policies and, below that, AppLocker. The rules can cover various file types:
- 2. Right-click one of the rules and select Create new rule.
- 3. Select Allow or Refuse and a User or a Group, to whom the rule should apply:
- 4. Select the type of primary condition for your new rule:
- 5. Refine the rule by specifying a Publisher, Path or File hash. In addition, Publishers, Paths and File hashes can each be excluded from the rule:
- The configuration is now complete.
Notes:
- AppLocker works by default as an "Allow list".
- AppLocker first checks whether there are any rules that refuse the action.
- Rules that refuse an action are given a higher priority than rules that allow an action.
- All Windows system files should be allowed.
- So-called "standard rules" (rules for Windows system files) can be created.
- You can lock yourself out of your own system with AppLocker.
Additional notes:
- Rules can be exported from one machine and imported on another.
- The rules are saved in HKLM\Software\Policies\Microsoft\Windows\SrpV2.
- The Application Identity service (AppIDSvc) must be running for file identification.
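The notes above (service dependency, registry location, export/import, and the risk of locking yourself out) can be checked from PowerShell before a policy is relied on. This is an added example, not part of the original page; the export path and the list of files to test are assumptions chosen for illustration.

```powershell
# Added example: sanity-check an AppLocker policy before depending on it.

# 1. Without the Application Identity service, files are not identified.
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "AppIDSvc is $($svc.Status); start it before testing rules."
}

# 2. Count the rules stored per collection under the SrpV2 policy key.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SrpV2'
if (Test-Path $key) {
    Get-ChildItem -Path $key | ForEach-Object {
        [pscustomobject]@{
            Collection = $_.PSChildName
            RuleCount  = @(Get-ChildItem -Path $_.PSPath).Count
        }
    } | Format-Table -AutoSize
} else {
    Write-Warning "No AppLocker policy found under $key."
}

# 3. Export the effective policy to XML (assumed file name and location).
$export = Join-Path $env:TEMP 'applocker-effective.xml'
Get-AppLockerPolicy -Effective -Xml | Set-Content -Path $export -Encoding UTF8

# 4. Dry run: confirm Windows system files stay allowed for all users.
#    Any result other than "Allowed" here is a potential lockout.
$mustRun = @(
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\cmd.exe",
    "$env:SystemRoot\System32\mmc.exe"    # needed to reopen secpol.msc
)
$results = Test-AppLockerPolicy -XmlPolicy $export -Path $mustRun -User Everyone
$results | Select-Object FilePath, PolicyDecision, MatchingRule |
    Format-Table -AutoSize

$blocked = @($results | Where-Object { $_.PolicyDecision -ne 'Allowed' })
if ($blocked.Count -gt 0) {
    Write-Warning "$($blocked.Count) required file(s) would not be allowed."
}

# 5. On the target machine, import the exported rules
#    (-Merge keeps the rules that already exist there):
# Set-AppLockerPolicy -XmlPolicy $export -Merge
```

Run it from an elevated PowerShell session. If no rules are defined for a file type, `Test-AppLockerPolicy` reports `DeniedByDefault` for those files, which is the allow-list behaviour described in the notes.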
Further information can be found in the Microsoft documentation: