Applocker Windows 10 Pro

  • Does AppLocker only work in Windows 10 Enterprise, or can you use Windows 10 Pro? You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using AppLocker. For details on how to use it, please read this guide: Lock down Windows 10 to specific apps.
  • Jul 12, 2016 at 9:04 AM. You are correct. The 1511 build of Win 10 removed the ability of group policy to control/remove apps. Just so you know, the anniversary edition of Win 10 (due out soon) will completely remove AppLocker from Win 10 professional. AppLocker is to become a Windows 10 enterprise only feature.

Windows Server 2019 Beginners Video Tutorials By MSFTWebcast: In this video I will walk you through how to create rules in AppLocker to prevent users from ac.

In this post I will give you a quick overview about cloud configuration of AppLocker using Intune and MDATP.

AppLocker has been with us for quite some time now reaching back all the way to good old Windows 7. Although it is not the best solution from a technical point of view (there’s Windows Defender Application Control including TPM-enforced policy signing) it is still a good way to build a quick solution to stop users from installing software or executing unwanted applications. It is one of my recommendations for a secure Windows 10 baseline.

In this post I assume that you are already somewhat familiar with AppLocker. I will focus on how you can shift it to Intune for deployment and to Microsoft Defender ATP’s Advanced Hunting capabilities for monitoring and policy refinement.

Configuration in Intune

First export your AppLocker configuration from either the Group Policy Management Console in Active Directory or from your local GPEdit Console. Even in a cloud-only scenario with Azure AD joined clients you can still use the latter to build the policy. It will look something like this:

Now we need to jump over to the Intune console to create a new Windows 10 configuration profile using the “Custom” profile type:

For each of the five different rule collections a distinct entry must be added. These are the OMA-URIs you have to use:

  • AppLocker EXE:
    ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/Native/EXE/Policy
  • AppLocker MSI:
    ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/Native/MSI/Policy
  • AppLocker Script:
    ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/Native/Script/Policy
  • AppLocker Appx:
    ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/Native/StoreApps/Policy
  • AppLocker DLL:
    ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/Native/DLL/Policy

Find out more in the official AppLocker CSP documentation:
https://docs.microsoft.com/en-us/windows/client-management/mdm/applocker-csp

The data type has to be set to “String”, and the Value is the matching <RuleCollection> section from the AppLocker XML. Here’s an example for the EXE rule collection:

The Value text field must contain the complete rule collection XML section, including <RuleCollection …> and </RuleCollection>, as marked here in Notepad++:

Once you have added all rule collection types it will look something like this:

Don’t forget to assign the profile to all users and/or devices you want to target. Although it might seem obvious please remember that deploying any kind of application control in enforced mode could break things without testing it first. So you might want to use AppLocker in audit mode first.
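
The export-and-paste steps above can also be scripted. The following PowerShell is an added example, not code from the original post: it splits an exported policy into one row per rule collection, pairs it with the OMA-URI from the list above, and flags collections that are set to enforced mode. The inline policy, its rule Ids and the function name Get-AppLockerOmaUriRow are constructed for illustration.

```powershell
# Constructed sample policy; for a real export use:
#   [xml]$policy = Get-Content .\applocker.xml -Raw   (file name is an assumption)
[xml]$policy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="11111111-2222-3333-4444-555555555555" Name="Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="Enabled">
    <FilePathRule Id="66666666-7777-8888-9999-000000000000" Name="Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@

# Type attribute in the exported XML -> node name used in the OMA-URIs listed above.
$base = './Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/Native'
$node = @{ Exe = 'EXE'; Msi = 'MSI'; Script = 'Script'; Appx = 'StoreApps'; Dll = 'DLL' }

function Get-AppLockerOmaUriRow {
    param([Parameter(Mandatory)][xml]$Policy)
    foreach ($rc in $Policy.AppLockerPolicy.RuleCollection) {
        if (-not $node.ContainsKey($rc.Type)) {
            Write-Warning "Unknown rule collection type '$($rc.Type)', skipped."
            continue
        }
        $ruleCount = @($rc.ChildNodes | Where-Object { $_.NodeType -eq 'Element' }).Count
        if ($ruleCount -eq 0) { continue }   # choice of this example: nothing to paste for an empty collection
        [pscustomobject]@{
            OmaUri          = "$base/$($node[$rc.Type])/Policy"
            DataType        = 'String'
            EnforcementMode = $rc.EnforcementMode
            Rules           = $ruleCount
            Value           = $rc.OuterXml   # full <RuleCollection ...> ... </RuleCollection> section
        }
    }
}

$rows = Get-AppLockerOmaUriRow -Policy $policy
# Collections that would block immediately once the profile is assigned.
$rows | Where-Object EnforcementMode -eq 'Enabled' | ForEach-Object {
    Write-Warning "$($_.OmaUri) is in enforced mode; consider AuditOnly until it has been tested."
}
$rows | Format-List OmaUri, DataType, EnforcementMode, Rules, Value
```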

Monitor AppLocker events in MDATP

Now we head over to the Microsoft Defender Security Center selecting the Advanced hunting sub-menu. There we add the following query:

MiscEvents
| where EventTime > ago(14d) and
ActionType startswith 'AppControl'
| order by EventTime desc


Just paste it to the query text field:

You can modify the query at any time, e.g. by changing the EventTime filter to cover more days in the past. Once you run the query you get all files that are recognized by AppLocker (or Defender Application Control):

Depending on how you use AppLocker you can extract information about either paths, file names, signature, or file hashes to enhance your policy which you would then edit in either GPMC or GPEdit. Then you can continue by exporting it as xml and pasting each rule collection into the Intune profile again.

Thanks for reading!

Chris


Applies to

  • Windows 10
  • Windows Server

This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.

General requirements

To use AppLocker, you need:

  • A device running a supported operating system to create the rules. The computer can be a domain controller.
  • For Group Policy deployment, at least one device with the Group Policy Management Console (GPMC) or Remote Server Administration Tools (RSAT) installed to host the AppLocker rules.
  • Devices running a supported operating system to enforce the AppLocker rules that you create.


Note: You can use Software Restriction Policies with AppLocker, but with some limitations. For more info, see Use AppLocker and Software Restriction Policies in the same domain.


Operating system requirements

The following table shows the operating systems on which AppLocker features are supported.

| Version | Can be configured | Can be enforced | Available rules | Notes |
|---|---|---|---|---|
| Windows 10 | Yes | Yes | Packaged apps, Executable, Windows Installer, Script, DLL | You can use the AppLocker CSP to configure AppLocker policies on any edition of Windows 10 supported by Mobile Device Management (MDM). You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise, Windows 10 Education, and Windows Server 2016. |
| Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 | Yes | Yes | Packaged apps, Executable, Windows Installer, Script, DLL | |
| Windows 8.1 Pro | Yes | No | N/A | |
| Windows 8.1 Enterprise | Yes | Yes | Packaged apps, Executable, Windows Installer, Script, DLL | |
| Windows RT 8.1 | No | No | N/A | |
| Windows 8 Pro | Yes | No | N/A | |
| Windows 8 Enterprise | Yes | Yes | Packaged apps, Executable, Windows Installer, Script, DLL | |
| Windows RT | No | No | N/A | |
| Windows Server 2008 R2 Standard | Yes | Yes | Executable, Windows Installer, Script, DLL | Packaged app rules will not be enforced. |
| Windows Server 2008 R2 Enterprise | Yes | Yes | Executable, Windows Installer, Script, DLL | Packaged app rules will not be enforced. |
| Windows Server 2008 R2 Datacenter | Yes | Yes | Executable, Windows Installer, Script, DLL | Packaged app rules will not be enforced. |
| Windows Server 2008 R2 for Itanium-Based Systems | Yes | Yes | Executable, Windows Installer, Script, DLL | Packaged app rules will not be enforced. |
| Windows 7 Ultimate | Yes | Yes | Executable, Windows Installer, Script, DLL | Packaged app rules will not be enforced. |
| Windows 7 Enterprise | Yes | Yes | Executable, Windows Installer, Script, DLL | Packaged app rules will not be enforced. |
| Windows 7 Professional | Yes | No | Executable, Windows Installer, Script, DLL | No AppLocker rules are enforced. |

AppLocker is not supported on versions of the Windows operating system not listed above. Software Restriction Policies can be used with those versions. However, the SRP Basic User feature is not supported on the above operating systems.

See also