The Windows ecosystem generally makes it easy to install and run third-party applications. This creates some risk, especially for novice users. Windows administrators generally want to restrict the applications and executables users can run to make the operating system more secure.
Windows recently launched a feature named AppLocker. As its name suggests, it simply restricts the executables and applications that can run on the system or under a user account.
Features
AppLocker provides different restrictions according to the following situations.
- Which users have access to the application?
- Which users can install new applications?
- Which application versions can be installed?
- How to audit licensed applications?
White Listing Application
In the security world there is a very popular technique named White Listing. A list of software that is secure and approved is created, and only the applications included in this list or inventory can be installed on the systems. Other applications are prohibited from being installed unless an exception is made.
Create A Rule
Now the action starts. We will create a rule to give an application permission to run on the Windows system.
Open Local Group Policy Editor
The new rules will be created with the Local Group Policy Editor. We can open this editor easily by running the following command in the Windows Run dialog.
gpedit.msc
Open Create New Rule Form
We will navigate to the AppLocker section with Computer Configuration -> Windows Settings -> Security Settings -> Application Control Policies

Click Next
Nothing else matters 😉

Decide Behaviour
On this page we decide how the rule treats the executable. We simply allow the application. We can also select the users the rule will apply to; by default this is Everyone.

Provide Executable Rule Condition
This step is one of the most important parts. We will define and identify the application the rule applies to. There are 3 types of identification technique.
- Publisher information is gathered from the executable's verified publisher metadata.
- Path information is simply the location where the executable resides.
- File hash is a unique value that describes the application.
We will use file hash in this example.

Specify Executable File
In this step we will select executable files one by one or by specifying the directory where the executables are located. As an example we have selected the 7z application. The hashes of these files will be calculated automatically and stored in the created rule.

Provide Rule Name and Description
As the rule vault grows and becomes bigger, management of these rules becomes a nightmare. So we should select a name which is identifiable. We can also add a description of the rule.

And click the Create button on the left bottom side.
Create Default Rules
After clicking Create we will get a warning stating that, in order to prevent unexpected problems, we should add the default rules, which give the required permissions to Everyone and the built-in administrators.

After clicking Yes the following rule list will appear.

Enable Applocker Rules With Enforcement
We have created our rule, but is it enabled and does it work as we expect? No, because we still have to enable the AppLocker rules from its properties.
Open Applocker Properties
We can open the AppLocker properties window like below.
Enable Rules
We will just enable the Configured checkbox of Executable rules like below, then select Enforce rules and click Apply.
I suggest that the first time, for a little while, you select Audit only. This will not enforce the rules but will create logs about them, give hints about how they work, and prevent accidents and lockdown.
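
The rule created above can be checked from an elevated PowerShell prompt before switching from Audit only to Enforce rules. The following is an added example, not part of the original walkthrough; it uses the cmdlets of the built-in AppLocker module, only reads state, and assumes 7-Zip is installed in `C:\Program Files\7-Zip`.

```powershell
# Added example: read-only checks, no policy is changed.
# Assumption: 7-Zip lives in the default install directory below.
$appDir = 'C:\Program Files\7-Zip'

# 1. AppLocker evaluates rules only while the Application Identity
#    service (AppIDSvc) is running.
Get-Service -Name AppIDSvc | Select-Object Name, Status

# 2. Enforcement mode of each rule collection in the effective policy:
#    AuditOnly while testing, Enabled once "Enforce rules" is applied.
$policyXml = [xml](Get-AppLockerPolicy -Effective -Xml)
$policyXml.AppLockerPolicy.RuleCollection |
    Select-Object Type, EnforcementMode

# 3. The file information (including the hash) that a file hash rule
#    is built from. A hash rule matches one exact binary, so an updated
#    7-Zip build has a different hash and needs a new rule.
Get-AppLockerFileInformation -Directory $appDir -Recurse -FileType Exe |
    Select-Object Path, Hash

# 4. Ask the effective policy what it decides for these executables
#    when they are run by Everyone, and which rule matched.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path "$appDir\*.exe" -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. While in Audit only mode: files that ran but would have been
#    blocked under enforcement, with a count per file. Review this list
#    and add rules for anything legitimate before enforcing.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics `
    -ErrorAction SilentlyContinue
```

The audited entries in step 5 come from the `Microsoft-Windows-AppLocker/EXE and DLL` event log, which can also be browsed in Event Viewer.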