Restrict Applications with AppLocker

by

Windows 7 offers new application control policies with AppLocker, a flexible, easy-to-use mechanism that enables IT professionals to specify exactly what is allowed to run on user desktops. AppLocker restricts unauthorized software while allowing applications, installation programs, and scripts that users need.

Note: AppLocker is only available in Windows 7 Professional, Ultimate and Enterprise.

Note: Use caution when creating AppLocker rules. It is possible to block all applications which would stop Windows from function.

The following steps detail how to block the Microsoft games from running.

  1. Log on using the local Administrator account (if you haven’t already enabled this account please see enable Administrator account)
  2. Click on ‘Start’, type gpedit.msc into the search box and then hit Enter on the keyboard.
  3. Navigate to ‘Computer Configuration -> Windows Settings -> Security Settings -> Application Control Policies -> AppLocker’
  4. The options will be in the right hand window
  5. Under ‘Configure Rule Enforcement’ click on ‘Configure rule enforcement’

  1. Under ‘Executable rules’ place a tick next to ‘Configured’ and click ‘OK’

  1. Under ‘Overview’ click on ‘Executable Rules’
  2. Right-click in the blank area and select ‘Create New Rule…’
  3. Click ‘Next’
  4. Select ‘Deny’ and select the user or group you want the rule to apply to, for this example it will remain ‘Everyone’
  5. Select ‘Path’ then ‘Next’
  6. Click on ‘Browse Folder…’, navigate to the Microsoft Games folder and click ‘OK’
  7. This will leave the folder path as “%PROGRAMFILES%\Microsoft Games\*”
  8. Click on ‘Create’
  9. A message will pop up saying the default rules haven’t been created yet. Click ‘Yes’ to create these.
  10. The new rules have been created and will be listed. Close the Local Group Policy window.
  11. Click on ‘Start’, type services.msc into the search box and then hit Enter on the keyboard
  12. From the list, open ‘Application Identity’
  13. Change ‘Startup type’ to ‘Automatic’
  14. Click on the ‘Start’ button

  1. Click ‘OK’ to close the window and close the Services window.

All applications in the Microsoft Games folder will now be unable to run. If a user tries to run one of the applications they will see the following message: