Lock a program using AppLocker in Windows 7

If you do not want a program to run, you can lock it down using the AppLocker feature in Windows 7. This is very useful if you have children at home using your PC and you do not want them to open a browser to surf the internet, for example. This is how:

Note: You must have administrator-level access to follow these steps.

  1. Press the key combination Windows logo key + R to open the Run dialog.
  2. Type gpedit.msc in the Run dialog and press Enter. This starts the Local Group Policy Editor.
  3. In the Local Group Policy Editor, navigate to Computer Configuration → Windows Settings → Security Settings → Application Control Policies → AppLocker → Executable Rules.

  4. Right-click in the right-side pane and select Create New Rule. This starts the Create Executable Rules wizard. Click Next to continue.
  5. On the Permissions window, select Action: Deny and User: Everyone. Click Next. Choosing Everyone will lock the application for every user on your computer, including yourself. If you want to select only a particular user, click the Select button and select a user.

  6. On the Conditions page, select Path and click Next. This way we can choose a file by its folder location. If you want to block all the applications of a particular publisher (like Microsoft or Adobe), choose Publisher. The publisher method works only for digitally signed applications. If you want to block an application based on its hash, choose File Hash. The hash method is good for portable applications whose path changes or is not constant.

  7. Choose one or more files or a folder by clicking on Browse Files or Browse Folders. If you choose a folder, all the contents of that folder will be affected by the rule (all the executables inside the folder will be locked).

  8. In the next window, you can add an exception. If you add an exception, the program will not be locked when the exception condition is met. We are not going to add any exception in this tutorial, so just click Next.
  9. Next, choose a name and description for the rule. You can leave the rule name as it is and add a description. Click Create when done.

Note: Windows AppLocker will not work if the Application Identity service is not running. To start this service, press the key combination Windows logo key + R to open the Run dialog. In the Run dialog, type sc start AppIdSvc and press Enter.

When a rule is created, Windows will block that program from running. Windows AppLocker is supported in Windows 7 Ultimate and Enterprise editions only. Windows 7 Professional can be used to create AppLocker rules, but these rules are not enforced on a Windows 7 Professional computer.
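
To confirm that the rule created in the steps above is really in effect, the following added example (not part of the original article) checks the Application Identity service and evaluates the effective AppLocker policy with the AppLocker PowerShell cmdlets. The path in `$Target` is an assumed placeholder; run the script from an elevated PowerShell prompt.

```powershell
# Added example, not from the original article.
Import-Module AppLocker

# Assumed placeholder: replace with the file chosen in step 7.
$Target = 'C:\Program Files\Internet Explorer\iexplore.exe'

# AppLocker rules are only enforced while the Application Identity service runs.
$svc = Get-WmiObject Win32_Service -Filter "Name='AppIDSvc'"
"AppIDSvc state: {0}, start mode: {1}" -f $svc.State, $svc.StartMode
if ($svc.State -ne 'Running') {
    Write-Warning 'AppIDSvc is not running: the deny rule is not being enforced.'
}
if ($svc.StartMode -ne 'Auto') {
    Write-Warning 'AppIDSvc is not set to start automatically: check it again after a reboot.'
}

# Show what AppLocker can match on for this file (step 6: Path, Publisher or File Hash).
$info = Get-AppLockerFileInformation -Path $Target
$info | Format-List Path, Publisher, Hash
if (-not $info.Publisher) {
    'File is not digitally signed: a Publisher rule cannot match it; use Path or File Hash.'
}

# Evaluate the effective policy for the file as the group selected in step 5.
$result = Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $Target -User Everyone
$result | Format-List FilePath, PolicyDecision, MatchingRule

# Summarise the decision in plain words.
switch ("$($result.PolicyDecision)") {
    'Denied'          { 'Blocked by the deny rule listed under MatchingRule.' }
    'DeniedByDefault' { 'Blocked because no allow rule covers this file.' }
    default           { 'Still allowed: the deny rule does not match this file.' }
}
```

If the decision is not Denied, recheck the condition type chosen in step 6: a Path rule matches only the location selected in step 7, while a File Hash rule matches only the exact file version that was hashed.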