Saturday, 15 October 2016

AppLocker



AppLocker is the successor to Software Restriction Policies, which were first introduced in Windows XP and Windows Server 2003. AppLocker can be used to allow or deny the execution of an application or file, such as an EXE or DLL. AppLocker provides the following enhancements:

You can define rules based on the attributes of a file. For example, you can allow execution of a file based on its publisher.
You can configure AppLocker in Audit Mode.
A new, user-friendly interface can be used to configure AppLocker.
Requirement for AppLocker:
AppLocker works only on Windows 7 and Windows Server 2008 R2 computers. AppLocker is available only in the following editions:
     Windows 7 Ultimate/Enterprise
     Windows Server 2008 Standard/Enterprise/Datacenter
AppLocker requires a service to be running in the background. The service name is Application Identifier or AppID. By default, this service is stopped and must be started for AppLocker to work.
To configure AppLocker, follow these steps:
    1. Go to Start > Run > GpEdit.msc
    2. Expand the following node/sub-node:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Application Control Policies\AppLocker
AppLocker rules are completely separate from Software Restriction Policy rules and cannot be used to manage previous versions of Windows.
If AppLocker rules have been defined, only those rules are applied and Software Restriction Policies rules are ignored.

Overview of Windows AppLocker



AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that replaces the Software Restriction Policies feature. AppLocker contains new capabilities and extensions that reduce administrative overhead and help administrators control how users can access and use files, such as executable files, scripts, Windows Installer files, and DLLs. Using AppLocker, you can:
Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules based on the publisher attribute that is persistent through updates, or you can create rules for a specific version of a file.

Assign a rule to a security group or an individual user.

Create exceptions to rules. For example, you can create a rule that allows all Windows processes to run except Registry Editor (Regedit.exe).

Use audit-only mode to deploy the policy and understand its impact before enforcing it.

Import and export rules. The import and export affects the entire policy. For example, if you export a policy, all of the rules from all of the rule collections are exported, including the enforcement settings for the rule collections. If you import a policy, the existing policy is overwritten.

Simplify creating and managing AppLocker rules by using AppLocker PowerShell cmdlets. 
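
The capabilities listed above (publisher rules, audit-only mode, policy import, and the PowerShell cmdlets) combined into one audit-first rollout. This is an added example, not part of the original post; the scan directory and the output file name are assumptions, and AppIDSvc is the service name of the background service AppLocker depends on.

```powershell
# Run from an elevated PowerShell prompt.
Import-Module AppLocker   # required on PowerShell 2.0 (Windows 7 / Server 2008 R2)

# Assumed locations for this example; adjust to your environment.
$scanRoot   = 'C:\Program Files'
$policyFile = Join-Path $env:TEMP 'applocker-audit.xml'

# 1. Collect publisher and hash information for the executables that must keep running.
$fileInfo = Get-AppLockerFileInformation -Directory $scanRoot -Recurse -FileType Exe

# 2. Build allow rules: publisher rules for signed files, hash rules for unsigned ones.
[xml]$policy = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Put every rule collection in audit-only mode so nothing is blocked yet.
#    Once a collection contains rules, files that match no rule are denied by
#    default, so enforcing a policy built from one directory would block the rest.
foreach ($collection in $policy.SelectNodes('//RuleCollection')) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 4. Dry run: show which rule, if any, matches a file that lies outside $scanRoot.
Test-AppLockerPolicy -XmlPolicy $policyFile -Path "$env:windir\regedit.exe" -User Everyone

# 5. Import into the local policy. Without -Merge this overwrites the existing policy.
Set-AppLockerPolicy -XmlPolicy $policyFile

# 6. AppLocker evaluates nothing until its service is running.
Start-Service -Name AppIDSvc

# 7. After users have worked normally for a while, list what enforcement would block.
#    Event ID 8003 = allowed to run, but would be blocked if the policy were enforced.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8003
} -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
```

Review the 8003 events and add rules for legitimate software before changing EnforcementMode from AuditOnly to Enabled.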

Windows AppLocker



AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that allows you to specify which users or groups can run particular applications in your organization based on unique identities of files. If you use AppLocker, you can create rules to allow or deny applications from running.
Today's organizations face a number of challenges in controlling application execution, including the following:
Which applications should a user have access to run?

Which users should be allowed to install new software?

Which versions of applications should be allowed?

How are licensed applications controlled?

To meet these challenges, AppLocker provides administrators with the ability to specify which users can run specific applications. AppLocker allows administrators to control the following types of applications: executable files (.exe and .com), scripts (.js, .ps1, .vbs, .cmd, and .bat), Windows Installer files (.msi and .msp), and DLL files (.dll and .ocx). This helps reduce the organization's cost of managing computing resources by decreasing the number of help desk calls from users running inappropriate applications.