SQL Server administration and T-SQL development, Web Programming with ASP.NET, HTML5 and Javascript, Windows Phone 8 app development, SAP Smartforms and ABAP Programming, Windows 7, Visual Studio and MS Office software
Microsoft Windows Tools, Applications, Tutorials, Tips and Tricks for Windows Users


Microsoft Windows 7 AppLocker Tool Step by Step


What is AppLocker ?

Windows 7 AppLocker is one of Windows 7 tool improving security of Windows users.
Using Windows 7 AppLocker feature, Windows users can specify the software that are allowed to run or disallowed to run on a Windows user's PC. Windows administrators can also control AppLocker features and manage applications using flexible Group Policies.

If you have Microsoft Windows 7 Ultimate edition or Windows 7 Enterprise edition installed on your computer then you have Windows 7 AppLocker tool ready for use.

Windows AppLocker enables Windows users to control the execution of specific software applications and programs under certain Windows user previlidges. Especially for parents, Windows 7 AppLocker is a very handy tool to prevent selected programs to be run by children. For example, parents can disallow a PC game rated as including violence for their children to play.

After this basic answer to "What is AppLocker ?" question, let's make a real example on your Windows 7 PC.





How to Create AppLocker Rule ?

Windows 7 users can start Win7 AppLocker following the below selections :
Control Panel > System and Security > Administrative Tools

administrative tools local security policy windows 7 applocker

Double click on Local Security Policy among Administrative tools.
This action will display the Local Security Policy management screen.
Expand node Application Control Policies
Windows 7 users can see the AppLocker node under the Application Control Policies node.

Windows 7 applocker feature

Click on Executable Rules node.
If you have not yet created any rule for a software application, this section will be empty.
Let's create one.

Right click on the Executable Rules node or right click on the empty space on the right pane.
Select Create New Rule from the displayed context menu.

Windows 7 applocker tool create new rule

A wizard will guide Windows 7 users during AppLocker rule creation.

Win7 applocker wizard step by step

Proceed to following step in Windows 7 AppLocker wizard with Next buton.

Permissions screen will be displayed.
In this screen administrators can define if the AppLocker rule will be an Allow action or a Deny action.
Also Windows adminstrators will also identify the Windows users or User groups to be affected by this rule.

win7-applocker-rule-creation-permissions-step

Continue with Next for following Windows 7 AppLocker screen where admins will define the Conditions for the AppLocker rule.

As seen in the below screenshot, Windows 7 AppLocker rules can be set according to Publisher information, or Path of the executable, or File hash information.

windows-7-applocker-rule-conditions

If Windows users select Publisher as Windows 7 AppLocker condition, the next screen will be a filter screen to identify the publisher and product information of the applications to be covered by the rule.

In the Publisher definition screen, choose an executable application file for reference.
Click on the Browse buton to start identifying the publisher properties to define a Windows 7 Applocker rule over.

Assume that I do not want to let Gizmo tool to be used by my child.
So I want to create a sample AppLocker rule that can be used by parents as a Windows 7 parental control.
Browse the software application that you want to disallow.
The publisher and the product details will be listed as follows:

windows-7-applocker-rule-over-publisher-properties

You can cover a wider range of products of the related publisher by moving the slider upwards.
If you move the slider downwards a more detailed filter will be applied.
When slider is up a more common filter criteria will be applied for the Win7 AppLocker rule.

The next screen Exceptions in the AppLocker wizard will let Windows administators to define exceptions to the above filter criteria.
For example, if you have defined a Deny rule in the Publisher name level. But you also want to allow a specific program published by the related publisher. Then you can define an Exception on this screen using the product name for instance.

The last screen in the Applocker wizard enables users to name the Win 7 AppLocker rule and supply a description of the rule for further reference.

win7-applocker-name-and-description

Click the Create buton to proceed with the Windows 7 AppLocker rule creation task.
After the rule is created, this rule will be listed in the Executable Rules list as a new item.

As a summary, I hope you have at least some introductory level information about what is AppLocker Windows 7 tool and how to use Windows 7 AppLocker tool for securing your digital environment. For more technical information about this new Windows 7 tool, AppLocker you can download AppLocker technical information documents from Microsoft Download Center




Copyright © 2004 - 2021 Eralper YILMAZ. All rights reserved.