Protect / Defend – Windows – AppLocker

 

Setting up AppLocker Policy

1.     Open Server Manager and navigate to Tools > Group Policy Management.



2.     Expand the target domain > Expand Group Policy Objects > Right click Group Policy Objects > Click New.



3.     Give the GPO a name > Click OK.



4.     Right click the Group Policy Object (GPO) we just created > Click Edit.



5.     Navigate: Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker > Configure rule enforcement.



6.     This is where AppLocker enforcement is enabled for each rule collection. In this example we will enforce Executable rules. Click the check box under Executable rules > Click OK.



7.     Right Click Executable Rules > Click Create Default Rules.



The rules below will be created automatically:

Note: It is important to do this to allow the executables needed for the OS to run properly.

8.     Right Click Executable Rules > Click Create New Rule > Click Next.



9.     Click Deny under actions > Click Next.



10.  Click Path > Click Next.



11.  We will be blocking Adobe Reader in this example. Click Browse Folders > Program Files > Adobe > Click OK.



12.  Click Next.



13.  Click Next > Click Create to finish creating the rule.





14.  Within the GPO we are editing, click System Services > Right Click Application Identity > Click Properties.



15.  Click the checkbox on Define this policy setting > Click Automatic > Click OK.



Note: This service needs to be running for AppLocker policies to work on target machines.

16.  We’ve completed configuring the policy. Close the Group Policy Management Editor. As this is a computer-based policy, I have created an OU called Domain Computers containing the target machines. Right Click the target OU > Click Link an Existing GPO.



17.  Select the AppLocker_Policy we created > Click OK.





18.  Restart the target machines for the settings to take effect. Because it’s a computer-based policy, it is applied at boot.

19.  Attempt to launch the application and you should see the message below.

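To confirm on a target machine that the policy from the steps above actually applied, the checks below can be run in an elevated PowerShell session after the reboot. This is an added example, not part of the original walkthrough; it assumes the deny rule covers the Adobe folder under Program Files as in step 11 and tests whatever executables it finds there.

```powershell
# Added verification example: run elevated on a target machine after step 18.
# Assumption: the deny path rule from step 11 covers "$env:ProgramFiles\Adobe".

# 1. Application Identity (steps 14-15) must be running or no rule is enforced.
$svc = Get-Service -Name AppIDSvc
"AppIDSvc: status=$($svc.Status) startup=$($svc.StartType)"

# 2. Effective policy as the machine sees it after GPO processing.
#    The Exe collection should report 'Enabled' (step 6), not 'AuditOnly'
#    or 'NotConfigured'.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$exe = $policy.AppLockerPolicy.RuleCollection |
    Where-Object { $_.Type -eq 'Exe' }
"Exe enforcement mode: $($exe.EnforcementMode)"

# List every path rule so the default allow rules (step 7) and the
# deny rule (steps 8-13) can be checked side by side.
$exe.FilePathRule |
    Select-Object Name, Action, UserOrGroupSid,
        @{ n = 'Path'; e = { $_.Conditions.FilePathCondition.Path } } |
    Format-Table -AutoSize

# 3. Ask AppLocker how it would decide for executables in the blocked folder.
#    Expected PolicyDecision is 'Denied': an explicit deny rule takes
#    precedence over the default Program Files allow rule.
$targets = Get-ChildItem -Path "$env:ProgramFiles\Adobe" -Recurse `
        -Filter *.exe -ErrorAction SilentlyContinue |
    Select-Object -First 5 -ExpandProperty FullName
if ($targets) {
    Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $targets -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule |
        Format-Table -AutoSize
} else {
    "No executables found under $env:ProgramFiles\Adobe"
}

# 4. Block events from step 19. Event ID 8004 = executable prevented from
#    running (8003 is the audit-only equivalent).
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
        Id      = 8004
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Because the rule created in steps 10-11 is a path rule, `Test-AppLockerPolicy` reports a deny only for files under that folder; the decision for the same binary at any other location depends on the remaining rules in the list printed in check 2.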