Tuesday, November 17, 2009

What is AppLocker? and How To Use AppLocker in Windows 7

To increase security on your computer, Microsoft has provided Windows 7 AppLocker function, a tool to block the execution of programs that they consider dangerous, suspicious or just not appropriate.

In addition, AppLocker lets you control and manage applications, libraries or scripts that other PC users are running, and it does a fairly simple, allowing us to create rules to allow or prevent the use or implementation of programs, adding attributes like the name application, signature of the manufacturer, etc.. well, if the program or application updates, will continue into the rule that we have created.

In short, AppLocker is a tool that will allow us to define the operation of certain programs and applications to specific users or groups.

Now, let's see an example of how to create a rule AppLocker Windows 7 before a program we do not want to run under a user other than us, which incidentally, provided we can only use or create these rules with administrator .

Block AppLocker programs in Windows 7

To access the AppLocker function, the first thing we do is access the local policy editor of Windows 7, and for this, we will:

Start menu> type gpedit.msc> Enter

Within the local policy editor, follow through left window the following route:

Computer Configuration> Windows Settings> Application Control Policy> Folder AppLocker

To create a rule we should go to the Introduction section. In it, there are three types of rules that we create:
  • Executable Rules
  • Windows Installer Rules
  • Scripts Rules
In this tutorial, we will see an example of rules for executable applications, although in future tutorials, we will look at other options, so tap on Rules executables.

To create a new rule of AppLocker in Windows 7, we right click and select Create new rule. On the menu, you can see as we have options to automatically generate rules (rules for a group of applications or users) and create default rules (pre-established).

When you click on create new Rule, it will run a wizard that will show information about the steps we should follow. So the first thing we have to select is the type of rule you want to establish.

AppLocker as we mentioned, you can define rules to allow executions to reject them. In our case and example, we want to refuse to execute a program or application to a specific user or group of them, so let's select Deny to prevent the execution of that application and then, we must choose the user who apply the rule.

Once this step, we must identify the program that we apply the rule. To do this, we can act in several ways:

We use the signature program editor by clicking the Editor to identify a particular program can modify the restriction of regulation to prohibit the execution of the program to new versions.

The path option allows the program to identify the file that contains it, ie it will show a file browser in which select the executable that launches the particular application.

File Hash option which allows us to identify a program with security code, ie executable brand uniquely, omitting the rule for new versions of the program.

Like any rule-making service in Windows 7 and earlier versions, the next step is to create a name and description of the rule created. This serves to ensure that in subsequent steps, we can quickly identify a specific rule if we have to modify, delete, etc..

Finally, AppLocker can see a list with the names of rules created in Windows 7, which by the way, we can delete, modify, etc.. clicking the right mouse button on any of them