2021-03-22 06:44:00
AppLocker helps you to control which apps and files a user can run. These include executables, scripts, Windows Installer files, dynamic link libraries (DLLs), Microsoft Store apps, and the installers of these applications.
AppLocker defines executable rules as any files with the .exe and .com extensions that are associated with an application. Because all the default rules for the executable rule collection are based on directory paths, all files in those paths will be allowed. The following table lists the default rules available for the executable rule collection.
Any executable file that is not allowed by the default rules below is blocked by default unless you create a new rule to allow the file for a user or group.
If you want to block an executable that is allowed by the default rules below, you will need to create a new rule to block (deny) the file for a user or group.
This guide will show you how to use AppLocker to allow or block specified executable files (.exe and .com) from running for all or specific users and groups in Windows 10 Enterprise and Windows 10 Education.
How to use AppLocker to allow or block executable files from running in Windows 10
Here’s how to do it:
1. Open Command Prompt as administrator.
2. Copy and paste the command below into the Command Prompt, press Enter, and close Command Prompt when it finishes.
This command ensures that the Application Identity service is enabled, set to Automatic, and running. AppLocker cannot enforce rules if this service is not running.
sc config "AppIDSvc" start=auto & net start "AppIDSvc"
3. Open Local Security Policy (secpol.msc).
4. Expand Application Control Policies in the left pane of the Local Security Policy window, click AppLocker, and click the Configure rule enforcement link on the right side.
5. Check the Configured box under Executable rules and click OK.

6. Expand AppLocker in the left pane of the Local Security Policy window, click Packaged app Rules, right-click or press and hold Packaged app Rules, then choose Create Default Rules.
If this step is not done, AppLocker will block all Microsoft Store apps from running.


7. Click Executable Rules, right-click or press and hold Executable Rules, then choose Create Default Rules.
If this step is not done, AppLocker will block all executables from running by default unless they are allowed by a rule you create.


8. Right-click or press and hold Executable Rules, then click Create New Rule.

9. Click Next.

10. If you want to specify users or groups to enforce this rule, click Select.
The default setting is Everyone for all users and groups.

A) Click the Advanced button.

B) Click the Find Now button.

C) Select the desired user or group and click OK.

D) Click OK.

11. Select Allow or Deny according to what you want and click Next.

12. Select Path and click Next.

13. Perform step 14 (for files) or step 15 (for folders / drives) below for the file or folder path you want to specify to allow or block.
14. To specify an executable file path to allow or block:
A) Click the Browse Files button.

B) Select whether you want to allow or block .exe or .com files in the drop-down menu in the bottom right corner.
C) Navigate to and select the .exe or .com file that you want to allow or block.
D) Click Open and go to step 16 below.

15. To specify a folder or drive path to allow or block all executable files in that directory or drive:
A) Click the Browse Folders button.

B) Navigate to and select the folder or drive in which you want to allow or block all executable files (.exe and .com).
C) Click OK and go to step 16 below.

16. Click Next.


17. Click Next once again.


18. Click Create.


19. Your new rule for “Executable Rules” will now be created.

20. Repeat steps 8 through 19 if you want to create another new rule to allow or block another executable for the user or group.
21. When finished, you can close the Local Security Policy window.
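
To confirm that the rules created in the steps above behave as intended, the following PowerShell (an added example, not part of the original guide) checks the Application Identity service, lists the enforcement mode and path rules of the Executable rule collection, evaluates sample files against the effective policy, and shows recent block events. The path C:\Tools\example.exe and the test user are constructed placeholders.

```powershell
# Added example: run in an elevated PowerShell session on the configured machine.
# Constructed sample values (assumptions): replace with your rule's file and user.
$TestPaths = @(
    "$env:SystemRoot\System32\notepad.exe",  # falls under the default Windows path rule
    'C:\Tools\example.exe'                   # hypothetical file targeted by the new rule
)
$TestUser = 'Everyone'

# 1. AppLocker enforces nothing unless the Application Identity service is running.
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "AppIDSvc is $($svc.Status); AppLocker rules are not enforced."
}

# 2. Read the effective policy as XML and inspect the Executable (Exe) collection.
[xml]$xml = Get-AppLockerPolicy -Effective -Xml
$exe = $xml.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
if (-not $exe) {
    Write-Warning 'No Executable rule collection found in the effective policy.'
} else {
    "Executable rules enforcement mode: $($exe.EnforcementMode)"
    # Path rules, including the defaults, allow or deny everything under the listed path.
    $exe.FilePathRule | Where-Object { $_ } | ForEach-Object {
        [pscustomobject]@{
            Action = $_.Action
            Sid    = $_.UserOrGroupSid
            Path   = $_.Conditions.FilePathCondition.Path
            Name   = $_.Name
        }
    } | Format-Table -AutoSize
}

# 3. Ask AppLocker how it would decide for each existing sample file and the user.
$existing = $TestPaths | Where-Object { Test-Path -LiteralPath $_ }
if ($existing) {
    Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $existing -User $TestUser |
        Select-Object FilePath, PolicyDecision, MatchingRule |
        Format-Table -AutoSize
}

# 4. Recent enforcement events: 8004 = blocked, 8003 = would be blocked (audit only).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003, 8004
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

PolicyDecision reads Allowed, Denied, or DeniedByDefault; the last means no rule matched the file for that user.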