We start by creating a rule for executables. Still, we will use it to create the scripts that will be used later to enable AppLocker on Windows 10 Pro and Windows 11 Pro. The GUI is for enterprise and education edition users only using it on Pro does not enable AppLocker. If you were hoping Microsoft would let you use this built-in GUI, you would be mistaken.
cmd, etc.), and packaged apps (modern apps from the Windows Store, including those preinstalled by Microsoft, such as the weather app, calculator, and Paint 3D). Below that, you will see four sections containing governing rules for executables (.exe), Windows installer files (.msi and. I recommend trying this on a virtual machine, which enables you to create and return to snapshots in case you lock yourself out.įirst, open secpol.msc and navigate to Application control policies > AppLocker. Things might look a bit different on Windows 11.ĭisclaimer: If you are unaware, AppLocker is able to render the OS completely unusable when configured incorrectly. Note that all screenshots come from Windows 10 Pro. Honestly, I don't think AppLocker is for the Home edition. Even though Windows 10 Home and Windows 11 Home allow applying these rules, there is no easy way to create these rules for the Window Home edition. You will need Windows 10 Pro or Windows 11 Pro. However, Sandy did not go into detail about the syntax she left us working examples, but she didn't explain how she put them together. Sandy Zeng (Microsoft MVP) seems to be the first who published working scripts.
In fact, you only need to know how to script it. It did not take long until someone had a look at the internals and found out that not even MDM licenses were required to make it work.