Software Restriction Policies (SRP)

One security level is set as the default. Exceptions to the default level can be defined.

| Security level | Description |
| --- | --- |
| Not permitted | Programs cannot be executed. |
| Default user | Programs can be run with the permissions of a default user. |
| Not restricted | Each user can run programs without restriction. |

The following exception rules can be defined for certain programs. They are referred to as additional rules:

| Type | Description |
| --- | --- |
| Hash Rule | For unmodified program files in a specific version; the file name is ignored. Note: When a program is updated, its hash rules must be updated as well. |
| Certificate Rule | For correctly signed program files whose publisher certificate has been specified. |
| Path Rule | For program files in certain paths. The paths can also contain placeholders and environment variables (such as %PROGRAMFILES%). |
| Internet zone Rule | For programs located in the network zones defined by Internet Explorer. |
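How the default level and the hash and path rules described above interact, as an added example that is not Microsoft's code or part of the original page. It is a simplified model: the environment, file contents, policy and function names are constructed, SHA-256 stands in for the stored hash, certificate and zone rules are left out, and the ordering (hash rule before path rule, longest matching path first) is an assumption of the model.

```python
import fnmatch
import hashlib
import re

# Constructed environment and file contents for the example.
ENV = {"PROGRAMFILES": r"C:\Program Files"}
TOOL_V1 = b"constructed tool binary, version 1"
TOOL_V2 = b"constructed tool binary, version 2"

def file_hash(content):
    # SHA-256 stands in for the hash SRP stores (assumption of this model).
    return hashlib.sha256(content).hexdigest()

def expand(rule_path, env=ENV):
    """Replace %NAME% placeholders such as %PROGRAMFILES% in a path rule."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), rule_path)

def path_matches(rule_path, file_path):
    """True if the file is the rule path or lies beneath it (case-insensitive)."""
    pattern = expand(rule_path).rstrip("\\").lower()
    target = file_path.lower()
    return (fnmatch.fnmatchcase(target, pattern)
            or fnmatch.fnmatchcase(target, pattern + "\\*"))

def evaluate(file_path, content, policy):
    """Return (security level, deciding rule) for one program file."""
    level = policy["hash_rules"].get(file_hash(content))
    if level is not None:          # hash rule: the file name plays no role
        return level, "hash rule"
    hits = [(len(expand(p)), lvl) for p, lvl in policy["path_rules"].items()
            if path_matches(p, file_path)]
    if hits:                       # modelled: the longest matching path wins
        return max(hits)[1], "path rule"
    return policy["default"], "default level"

# Constructed policy: deny by default, allow Program Files, one approved tool.
POLICY = {
    "default": "Not permitted",
    "hash_rules": {file_hash(TOOL_V1): "Not restricted"},
    "path_rules": {r"%PROGRAMFILES%": "Not restricted",
                   r"%PROGRAMFILES%\Legacy": "Not permitted"},
}

if __name__ == "__main__":
    for path, data in [(r"C:\Users\kiosk\renamed.exe", TOOL_V1),
                       (r"C:\Users\kiosk\tool.exe", TOOL_V2),
                       (r"C:\Program Files\App\app.exe", b"app"),
                       (r"C:\Program Files\Legacy\old.exe", b"old")]:
        print(path, "->", evaluate(path, data, POLICY))
```

The second sample file shows why hash rules need maintenance: the updated binary no longer matches its hash rule and falls back to the default level.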

The steps at the following link help you set up a kiosk mode for Windows 10 in which several applications can be run:

https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-applocker

A general deployment guide from Microsoft can be found here:

https://docs.microsoft.com/de-de/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide

See also: