Tip: Lock Down Unauthorized Applications with the Built-In AppLocker Tool

Tips RSS Feed

Subscribe to the TechNet Magazine Tips RSS feed.

Whether you’re dealing with users in your work environment or kids at home, being able to control what applications a user can use can prevent a lot of hassle and headaches. Windows 7 includes a new tool, called AppLocker, that lets you do just this by creating a policy to specify exactly what applications a user is allowed to run.

To access this feature, click start and enter Gpedit.msc. Then navigate to Computer Configuration | Windows Settings | Security Settings | Application Control Policies. Expand the Application Control Policies node and highlight AppLocker.


Here you can configure Executable Rules, Windows Installer Rules, and Script Rules. For example, highlight the Executable Rules node and right-click to select Create New Rule. You can then create a rule allowing or denying access to an executable based on such criteria as the file path or publisher.

And in case you’re in a hurry, AppLocker will let you apply default or automatic rules. There are a lot of options exposed in AppLocker—too many to cover in a short tip—so you’ll have to play around with it some to get a better idea of just how much this tool can do.

Tip by Matthew Graven, a Senior Editor at TechNet Magazine.

Looking for More Tips?

For more Windows 7 beta 1 tips, visit the TechNet Magazine Windows 7 beta 1 Tips page.

For more Tips on other products, visit the TechNet Magazine Tips index.