Skip to main content

Restrict Access to Programs with AppLocker in Windows 7

If you share a computer and don’t want other users accessing certain applications, there is a new feature in Windows 7 that allows you to block them. Today we take a quick look at restricting what programs other users can access using AppLocker.
Note: AppLocker is only available in Ultimate and Enterprise versions of Windows 7.

Using AppLocker
To access Group Policy Editor and create rules in AppLocker you’ll need to be logged in as Administrator. Click on Start and type gpedit.msc into the search box and hit Enter.
1-app
Under Local Computer Policy go to Computer Configuration \ Windows Settings \ Security Settings \ Application Control Policies \ AppLocker.

Now you will see the overall controls for the applications.

Under Configure Rule Enforcement click on the Configure rule enforcement link.

Now under AppLocker Properties check the boxes next to Configured under Executable rules then click Ok.

Blocking Apps from Running
In this scenario, Jack wastes time playing games like Minesweeper and Solitaire when he should be doing his homework, so we are going to block all of the games. After completing the steps above, under the Overview section click on Executable Rules.

Since this is your first time accessing AppLocker, there will be no rules listed. Right-click and select Create New Rule…

This opens up the Create Executable Rules wizard and you can select not to show the introduction screen at start up for the next time you access it.

Select Permissions under Action select Deny.
 
Add the user you want to block, in this case it’s Jack.

After you’ve selected the deny action and selected the user continue to the next step.

In Conditions you can select from Publisher, Path or File hash. We don’t want Jack to have access to any of the games. so we will select Path.

Click on Browse Folders and select the Microsoft Games folder.

In the next screen you could add Exceptions like allowing certain files, but because we are blocking the entire games directory we’ll skip to the next screen.

Here you can add a description to the rule so you can keep track of them is there are several rules configured. When everything looks right click on Create.

A message pops up saying default rules haven’t been created yet. It is important to make sure they are created so click Yes to this message.

Now you will see the default rules and the new one you created showing Jack is denied access to the Microsoft Games directory.

After creating the rule make sure and go into services and make Application Identification is started and that it’s set to automatically start as well otherwise the rules won’t work. By default this service is not started so you will need to enable it.

Now, when Jack logs into his user account and tries to access the games he will only see the following message. Only an Administrator can go in and change the rule.

Comments

Popular posts from this blog

Use Portable VirtualBox to Take Virtual Machines With You Everywhere

Install Portable VirtualBox to an External Drive First, get started by downloading the Portable VirtualBox installer from vbox.me . Run the downloaded file and extract it to an external drive or wherever else you want to store your portable VirtualBox system. You can always move it later, if you like. Launch the Portable-VirtualBox.exe program from here and you’ll be prompted to download and install VirtualBox’s program files on your external drive. The tool can automatically download VirtualBox’s files for you. After it does, click the OK button to unpack them. If the full version of VirtualBox is already installed on your computer, you won’t see this screen and VirtualBox will just open instead. You’ll want to uninstall VirtualBox first or set this up on a computer without VirtualBox installed. Launch the program again after it finishes unpacking files. After you agree to a UAC prompt , you’ll see the standard VirtualBox window. A VirtualBox system tray icon...

Reset Windows Password Using Ubuntu

If you can’t log in even after trying your twelve passwords, or you’ve inherited a computer complete with password-protected profiles, worry not – you don’t have to do a fresh install of Windows. We’ll show you how to change or reset your Windows password from a Ubuntu Live CD. This method works for all of the NT-based version of Windows – anything from Windows 2000 and later, basically. And yes, that includes Windows 7. Note: If you have files on your hard disk encrypted using built-in Windows encryption, they may not be available after changing the Windows password using this method. Exercise caution if you have important encrypted files. You’ll need a Ubuntu 9.10 Live CD, or a bootable Ubuntu 9.10 Flash Drive. If you don’t have one, or have forgotten how to boot from the flash drive, check out our article on creating a bootable Ubuntu 9.10 flash drive . The program that lets us manipulate Windows passwords is called chntpw . The steps to install it are different in 32-bit and 6...

Create a Restore Point for Windows 7 or Vista’s System Restore

If you are thinking of installing an application but aren’t quite sure what it’s going to do to your computer, I would absolutely recommend creating a restore point before you install that application, and here are the steps to do so. Note that most application installs automatically create a restore point, but you can do this if you are really worried. Open up the Start Menu and right-click on “Computer”, and then select “Properties”. This will take you into the System area of Control Panel. Click on the “System Protection” link on the left hand side. Now select the “System Protection” tab to get to the System Restore section. Click the “Create” button to create a new restore point. You’ll be prompted for a name, and you might want to give it a useful name that you’ll be able to easily identify later. Click the Create button, and then the system will create the restore point. When it’s all finished, you’ll get a message saying it’s completed successf...