Protect
/ Defend Windows App Locker
Setting up AppLocker Policy
1.
Open Server Manager and Navigate: Tools
> Group Policy Management.
2.
Expand the target domain > Expand
Group Policy Objects > Right click Group Policy Objects > Click New.
3.
Give the GPO a name > Click OK.
4.
Right click the Group Policy Object
(GPO) we just created > Click Edit.
5.
Navigate: Computer Configuration >
Policies > Windows Settings > Security Settings > Application Control
Policies > AppLocker > Configure rule enforcement.
6.
This is where we can enable AppLocker
enforcement on the given context. In the example below we will be enforcing
Executable rules. Click the check box under Executable rules > Click OK.
7.
Right Click Executable Rules > Click
Create Default Rules.
The rules below will be created automatically:
Note: It is important to do this to allow the executables needed for
the OS to run properly.
8.
Right Click Executable Rules > Click
Create New Rule > Click Next
9.
Click Deny under actions > Click
Next.
10. Click Path > Click Next.
11. We will be blocking Adobe Reader in this
example. Click Browse Folders > Program Files > Adobe > Click OK.
12. Click Next.
13. Click Next > Click Create, to finish
creating the rule.
14. Within the GPO we are editing click on System
Services > Right Click Application Identity > Click Properties.
15. Click the checkbox on Define this policy
setting > Click Automatic > Click OK.
Note: This service needs to be running for AppLocker policies to work
on target machines.
16. Weve completed configuring the policy. Close
the Group Policy Management Editor. As this is a computer-based policy I have
created an OU called Domain Computers with the target machines in there. Right
Click the target OU > Click Link an Existing GPO.
17. Select the AppLocker_Policy
we created > Click OK.
18. Restart the target machines for the settings
to take effect. Because its a computer-based policy it is applied on boot up.
19. Attempt to launch the application and you
should see the message below.