A. Windows 7 introduced AppLocker in the Enterprise and Ultimate SKUs. AppLocker is an alternative to the Software Restriction Policies (SRPs) that were introduced with Windows XP. (SRPs are still available in Windows 7.)

Many security problems are caused by malware that users introduce when they run software they shouldn't, so the best way to stop these problems is to prevent such programs from running and allow only approved code to execute. SRPs are very powerful, letting applications be whitelisted (allowed) or blacklisted (blocked), but the implementation was complex and mistakes were common, so they caused disruption and many customers never deployed them.

AppLocker improves on SRP by offering a far more effective management experience. It can run in enforcement mode, where out-of-policy applications are stopped from executing, or in audit-only mode, which only records a notification when an application outside the policy is executed, without blocking it. (You can get notifications for every application by simply keeping your whitelist empty.)

Access AppLocker through Computer Configuration, Policies, Windows Settings, Security Settings, Application Control Policies, AppLocker. You can create rules based on the path of a program (including wildcards), on a file hash, or on the publisher of digitally signed software. The main interface is shown below. Notice that when you use a publisher rule, a slider controls how exact the rule is. For example, you can allow any version of a particular executable, any executable from the product, or anything from the publisher.

[Screenshots: AppLocker Permissions, AppLocker Conditions, AppLocker Publisher]

You can also automatically generate the rules by scanning a template computer for executables—any executable found on the template machine is added to the allowed list.
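The same workflow, scanning a template machine, generating publisher and hash rules, rolling them out in audit-only mode and reviewing the audit events before switching to enforcement, can be scripted with the AppLocker PowerShell module that ships with Windows 7 Enterprise/Ultimate and later. The following is an added example written for this answer, not code from the original; the template directory, the output path and the sample executable tested are assumptions you would replace with your own.

```powershell
# Added example: build an AppLocker policy from a template machine, deploy it in
# audit-only mode, review the audit log, then switch to enforcement once clean.
# Written for PowerShell 2.0 (Windows 7) so no PS3+ operators are used.
Import-Module AppLocker

# Assumptions: the template install lives under Program Files, and the generated
# policy is written to C:\AppLockerPolicy.xml. Adjust both for your environment.
$templateDir = 'C:\Program Files'
$policyFile  = 'C:\AppLockerPolicy.xml'

# 1. Inventory executables on the template machine. Each record carries the
#    publisher (for signed files), hash and path that the three rule types use.
$fileInfo = Get-AppLockerFileInformation -Directory $templateDir -Recurse -FileType Exe

# 2. Generate rules as an XML string. Publisher rules are preferred for signed code
#    (they survive patching); hash rules are the fallback for unsigned binaries.
#    -Optimize merges overlapping rules so the policy stays readable.
[xml]$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -RuleNamePrefix 'Template' -Optimize -Xml

# 3. Start every rule collection in audit-only mode: nothing is blocked yet, but
#    launches outside the whitelist are logged so the rule set can be validated.
foreach ($collection in $policyXml.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policyXml.Save($policyFile)

# 4. Dry-run the policy against a binary before touching any machine. PolicyDecision
#    shows Allowed / Denied / DeniedByDefault and which rule matched.
Test-AppLockerPolicy -XmlPolicy $policyFile -Path 'C:\Windows\System32\notepad.exe' -User Everyone

# 5. Apply locally (-Merge keeps rules already present; use -Ldap to target a GPO).
#    AppLocker evaluates nothing unless the Application Identity service is running.
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 6. Review audit events. In the AppLocker EXE and DLL log, event ID 8003 means
#    "would have been blocked" (audit mode) and 8004 means "blocked" (enforce mode).
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8003 -or $_.Id -eq 8004 } |
    Select-Object -First 20 TimeCreated, Id, Message
```

Once the 8003 events show only launches you genuinely want to block, change the EnforcementMode attribute in step 3 from AuditOnly to Enabled and re-apply the policy; the same event query then reports 8004 entries for anything actually stopped. Keeping the policy as XML also makes it easy to diff between revisions and to review the generated rules before they reach a GPO.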