Enable AppLocker in windows 7

Step 1

Set Application Identity service to automatic from services.msc.

Step 2

Fire up secpol.msc with admin token and enable the required rule collection
AppLocker_Properties.png

Step 3

Create rules for each collection. In this case I want to block Windows Help
CreateExecutableRules.png

Use Case

Locking down Windows Thin PC.

No matter how well a machine in kiosk mode is locked down, people find a way to get access to command prompt, and the reason I fell is because of the windows help, a link on a help topic triggers IE and from IE local file system browsing is possible. So using AppLocker in Windows Thin PC (cut down version of windows 7 x86 Ent) you can further lock it down.

Leave a comment

Your email address will not be published. Required fields are marked *

WordPress Appliance - Powered by TurnKey Linux