How to use AppLocker to allow or block executable files from running in Windows 10

2021-03-22 06:44:00

AppLocker helps you to control which apps and files a user can run. These include executables, scripts, Windows Installer files, dynamic link libraries (DLLs), Microsoft Store apps, and the installers of these applications.

AppLocker's executable rules apply to any file with the .exe or .com extension that is associated with an application. Because all the default rules for the executable rule collection are based on folder paths, all files under those paths will be allowed. The following table lists the default rules available for the executable rule collection.

Any executable file that is not allowed by the default rules below is blocked by default unless you create a new rule to allow the file for a user or group.

If you want to block an executable that is allowed by the default rules below, you will need to create a new rule to block (deny) the file against a user or group.

This guide will show you how to use AppLocker to allow or block specified executable files (.exe and .com) from running for all or specific users and groups in Windows 10 Enterprise and Windows 10 Education.

Here’s how to do it:

1. Open Command Prompt as administrator.

2. Copy and paste the command below into the Command Prompt, press Enter, and close the Command Prompt when the command finishes.

This command ensures that the Application Identity service is enabled, set to Automatic, and running. AppLocker cannot enforce rules if this service is not running.

sc config "AppIDSvc" start=auto & net start "AppIDSvc"

3. Open Local Security Policy (secpol.msc).

4. Expand Application Control Policies in the left pane of the Local Security Policy window, click AppLocker, and click the Configure rule enforcement link on the right side.

5. Check the Configured box under Executable rules and click OK.

6. Expand AppLocker in the left pane of the Local Security Policy window, click Packaged app Rules, right-click or press and hold Packaged app Rules, then choose Create Default Rules.

If this step is not done, AppLocker will block all Microsoft Store apps from running.

7. Click Executable Rules, right click or press and hold Executable Rules, then choose Create Default Rules.

If this step is not done, AppLocker will block all executables from running by default unless they are allowed by a rule you create.

8. Right-click or press and hold Executable Rules, then click Create New Rule.

9. Click Next.

10. If you want to specify the users or groups this rule applies to, click Select.

The default setting is Everyone for all users and groups.

A) Click the Advanced button.

B) Click the Find Now button.

C) Select the desired user or group and click OK.

D) Click OK.

11. Select Allow or Deny according to what you want and click Next.

12. Select Path and click Next.

13. Follow step 14 (for a file) or step 15 (for a folder or drive) below to specify the path you want to allow or block.

14. To specify an executable file path to allow or block

A) Click the Browse Files button.

B) In the drop-down menu in the bottom right corner, select whether the file you want to allow or block is an .exe or a .com file.

C) Navigate to and select the .exe or .com file that you want to allow or block.

D) Click Open and go to step 16 below.

15. To specify a folder or drive path to allow or block all executable files in that folder or drive

A) Click the Browse Folders button.

B) Navigate to and select the folder or drive in which you want to allow or block all executable files (.exe and .com).

C) Click OK and go to step 16 below.

16. Click Next.

17. Click Next once again.

18. Click Create.

19. Your new rule for “Executable Rules” will now be created.

20. Repeat steps 8 through 19 if you want to create another new rule to allow or block another executable for the user or group.

21. When finished, you can close the Local Security Policy window.
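
To confirm the result of the steps above, the following PowerShell can be run from an elevated prompt (an added example, not part of the original guide). It checks the Application Identity service, lists the executable path rules in the effective policy, tests sample files against them, and shows recent AppLocker events for blocked or would-be-blocked files. The file paths in $testFiles and the user in $testUser are placeholders to replace with your own values.

```powershell
# Added example: verify the AppLocker executable rules created in the steps above.
# $testFiles and $testUser are placeholders (assumptions), not values from the guide.
$testFiles = @("$env:windir\System32\notepad.exe", 'C:\Tools\example.exe')
$testUser  = 'Everyone'

# 1. AppLocker enforces nothing unless the Application Identity service is running.
$svc = Get-Service -Name AppIDSvc
'{0}: status={1}, startup={2}' -f $svc.Name, $svc.Status, $svc.StartType

# 2. Read the effective policy as XML and pick out the executable rule collection.
[xml]$policyXml = Get-AppLockerPolicy -Effective -Xml
$exeRules = $policyXml.AppLockerPolicy.RuleCollection |
    Where-Object { $_.Type -eq 'Exe' }

if (-not $exeRules) {
    Write-Warning 'No executable rule collection found in the effective policy.'
} else {
    # EnforcementMode is NotConfigured, AuditOnly or Enabled.
    "Executable rules enforcement mode: $($exeRules.EnforcementMode)"

    # 3. List each path rule: action, target SID and path (default and custom rules).
    $exeRules.FilePathRule | Where-Object { $_ } | ForEach-Object {
        [pscustomobject]@{
            Action = $_.Action
            Sid    = $_.UserOrGroupSid
            Path   = $_.Conditions.FilePathCondition.Path
            Name   = $_.Name
        }
    } | Sort-Object Action | Format-Table -AutoSize
}

# 4. Ask AppLocker how it would decide for each sample file that exists on disk.
#    PolicyDecision is Allowed, Denied or DeniedByDefault.
$existing = @($testFiles | Where-Object { Test-Path -LiteralPath $_ })
if ($existing.Count -gt 0) {
    Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $existing -User $testUser |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 5. Recent events: 8003 = would be blocked (audit only), 8004 = blocked.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8003, 8004
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, Message -Wrap
```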
