How to set up AppLocker restrictions on Windows 10 Pro?

I'm installing an office PC in a small business and I was wondering how do I enable AppLocker restrictions?

It seems like I've set them up in the gpedit.msc console, then started up AppIdentity service (set it to auto-run) but no matter what I do, the restrictions are not enabled, even though this site says that AppLocker is supported on Windows 10 Pro.

Any idea how to use that AppLocker on Win10?

PS. I want to white-list which software (executables) and what types of files can be opened on that machine.

Brink said:

Hello @ahmd,

If you like, here are out AppLocker tutorials below that may be able to help with this for you.

• Use AppLocker to Allow or Block DLL Files from Running in Windows 10
• Use AppLocker to Allow or Block Executable Files in Windows 10
• Use AppLocker to Allow or Block Script Files in Windows 10
• Use AppLocker to Allow or Block Windows Installer Files in Windows 10
• Use AppLocker to Block Microsoft Store Apps in Windows 10
• Export and Import AppLocker Policy for Rules in Windows 10
• Clear AppLocker Policy in Windows 10
• Delete AppLocker Rule in Windows 10

Dude, thanks for the info and sorry for my late reply. I've been bashing my head against it but I still can't make it work. I did everything like it says there but it still didn't do anything. It doesn't block anything. The only difference that I see in your tutorial is this line:

This tutorial will show you how to use AppLocker to allow or block specified executable (.exe and .com) files to run for all or specific users and groups in Windows 10 Enterprise and Windows 10 Education.

Like I said I have Pro.

Brink said:

Ah, that would be the problem then.

https://docs.microsoft.com/en-us/win...-use-applocker

Well, am I not seeing it? It says YES in two places:

Brink said:

It's in the Notes bit to the right of that.
I tested enforcing an .exe policy on my Windows 10 Pro, and it doesn't get enforced.

Yeah, I saw it too. Do you mean this?

You can use the AppLocker CSP to configure AppLocker policies on any edition of Windows 10 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016.

I'm sorry. I spoke English for the last 39 years but I have no idea what that paragraph says. I checked the link in it and it has some weird diagrams and XML but I have no idea how it can apply to AppLocker.

I can easily follow the tutorial that you linked to. But not that one.

Can you please explain what it all means?

Brink said:

You can also use Option One below to block application (exe) files using group policy. I just tested on my Windows 10 Pro.

Applications - Prevent Running Specified Programs - Windows 7 Help Forums

Yeah, I've been using those old GPOs on our old Win7 machine too. Unfortunately they are very broad and easy to bypass or miss.


Just curious though, while googling around I found this link that shows how to use that "AppLocker CSP":
https://blogs.technet.microsoft.com/...applocker-csp/

I believe the guy exported that XML file from the gpedit.msc snap-up. I'm not quite sure where am I supposed to place it though?


Also a second question, have you ever tried using "Software restriction policies"? If so, how does that work?