Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, August 30, 2017 3:32 PM
I've read the several articles about Applocker and none seem to help. I have a W10 Pro (1703) that is NOT domain connected. I want to only ALLOW a few programs to run such as Chrome, calculator, and maybe File Explorer. I have created an executable rule for chrome and specified a user account to apply to only. Also, the default rules are set to DENY so none of the other apps should execute. But everything still executes. Yes, i HAVE enabled/Started App Identity service and rebooted.
See screenshots below.
https://metroeastdigital-my.sharepoint.com/personal/shackbill_metroeastdigital_com/\_layouts/15/guestaccess.aspx?docid=0dd81b083946a4f2dad27aed0241fc30c&authkey=ATe7fC7im85PuEd4-Efm0FE
ANy ideas or assistance is appreciated.
bill
All replies (6)
Thursday, August 31, 2017 9:39 AM ✅Answered | 1 vote
Hi Bill,
App Locker is only used for Windows Enterprise and Education, and the function is reduced in Windows 10 Professional. (See your capture high light part.)
If you want to restrict some one to execute special application, we could navigate to User Configuration > Administrative Templates > System> Don’t Run Specified Windows Applications. When you click it and Enable, a new option appears called "List of Disallowed Applications". Click "Show" and a third window appears where you type in the path of the program to be blocked.
There are some ways to restrict application to run, for detailed information, please refer to the following link:
Block users from installing or running programs in Windows 10/8/7
http://www.thewindowsclub.com/how-to-prevent-users-from-installing-programs-in-windows-7
NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, August 30, 2017 6:22 PM | 1 vote
AppLocker is included with enterprise-level editions of Windows only. It is not supported on Windows 10 Pro. While you can create Applocker rules, they won't be enforced.
For more information, check out the technet article: https://docs.microsoft.com/en-us/windows/device-security/applocker/applocker-overview
Blog - http://www.vacuumbreather.com / http://www.wcsaga.com
Wednesday, August 30, 2017 8:32 PM
Well that makes no sense at all. Leave it up to Microsoft to add a capability that doesnt work? Why would it even be included in Local Security Policy Editor?
The referenced article says that W10 can be enforced but not managed. See image.
ANy other way i can block apps in W10? Any 3rd party tools?
Thursday, August 31, 2017 6:25 AM
If you read documentations carefuly, you will notice that the information applies only to Windows 10 Enterprise / Education. It was always like this, ever since the introduction of Applocker in Windows 7: AppLocker was available in all editions of Windows Server 2008 R2 and in Windows 7 Ultimate and Windows 7 Enterprise. Windows 7 Professional could be used to create AppLocker rules. However, AppLocker rules could not be enforced on computers running Windows 7 Professional.
There are third party tools that (McAfee and Kaspersky for instance) - none of those I am aware of are free of charge though.
Blog - http://www.vacuumbreather.com / http://www.wcsaga.com
Thursday, August 31, 2017 8:05 PM
Thanks. I will try to use the Admin Templates as you have suggested. I think i will also just find the right registry keys to hide the start menu and/or remove all the apps from displaying there. I will let you know how it goes.
s.
Friday, September 1, 2017 2:31 AM
Hi Bill,
Thank you for your reply, and your subsequent feedback.
I will be very appreciate if you could mark all helpful replies. This action is very useful for other customers.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].