Enable AppLocker in windows 7

Step 1

Set Application Identity service to automatic from services.msc.

Step 2

Fire up secpol.msc with admin token and enable the required rule collection
AppLocker_Properties.png

Step 3

Create rules for each collection. In this case I want to block Windows Help
CreateExecutableRules.png

Use Case

Locking down Windows Thin PC.

No matter how well a machine in kiosk mode is locked down, people find a way to get access to command prompt, and the reason I fell is because of the windows help, a link on a help topic triggers IE and from IE local file system browsing is possible. So using AppLocker in Windows Thin PC (cut down version of windows 7 x86 Ent) you can further lock it down.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s