The Windows Club

Windows AppLocker prevents users from installing or running applications

Windows Applocker was introduced in Windows 7 and includes some new features in Windows 8/10. With AppLocker, an administrator can block or allow certain users or user groups from installing or using certain applications. You can use blacklisting rules or whitelisting rules to achieve this result. AppLocker helps administrators control which applications and files users can run. These include executable files, scripts, Windows Installer files, DLLs, Packaged apps, and Packaged app installers.

In Windows 8 and Windows 10 Applocker has evolved and lets you block legacy as well as Windows Store apps.

AppLocker in Windows

To prevent users from installing or running Windows Store Apps with AppLocker in Windows, type secpol.msc in Run and hit Enter to open the Local Security Policy Editor.

In the console tree, navigate to Security Settings > Application Control Policies > AppLocker. Select where you want to create the rule. This could be for an Executable, Windows Installer, Scripts or in the case of Windows 8, a Windows Store packaged app.

Let us say you want to create a rule for Packaged apps. Right-click on Packaged apps and select Create Rule. You will see a Before You Begin page.

Click Next to reach the Permissions page.

On this page, select the action viz. Allow or Deny and the User or User Group you want the rule to apply. Click Next to reach the Conditions page.

Select how you wand to create the rules – base on Publishers, File Path or Has. I have selected Publishers, which is the default. Click Next to reach the Publisher page.

Here you can browse for and select a Reference for the Packaged app and set the Scope for the rule.

Settings for Scope include:

  1. Applies to Any publisher
  2. Applies to a specific Publisher
  3. Applies to a Package name
  4. Applies to a Package version
  5. Applying custom values to the rule

The options for Reference include:

  1. Use an installed packaged app as a reference
  2. Use a packaged app installer as a reference

After making your selections, click Next again.

If you wish, on the Exceptions page you may specify conditions when to exclude the rules, and on the Name and Description page, you can accept the automatically generated rule name or type a new rule name, and click Create. You can read more on creating rules for Packaged Windows Store apps here at Technet.

Do note that for the AppLocker to work on your system, the Application Identity service must be running on your computer. Also, the Group Policy Client service, gpsvc, required for running AppLOcker, is disabled by default on Windows RT, so you may have to enable it via services.msc.

Difference between appLocker in Windows 8/10 & Windows 7

The AppLocker in Windows 8 allows you to also create rules for Packaged Windows Store apps. Moreover, the Windows 10/8 AppLocker rules can also additionally control the .mst and .appx file formats.

This app has been blocked by your system administrator

If as a user, you find that when you start any Windows Store app (or traditional software) you receive the message: This app has been blocked by your system administrator, you will have to contact your Administrator and ask him to create rules to allow you to use (or install) the software.

To create and enforce AppLocker rules, the computer must be running Windows 10/Windows 8 Enterprise, Windows 7 Ultimate, Windows 7 Enterprise, Windows Server 2008 R2 or Windows Server 2012.

Windows Program Blocker is a free App or Application blocker software to block software from running on Windows 10/8/7.