Applocker is a cool new feature for the IT Pros that lets them easily control the desired application installations and settings on the users’ computers. AppLocker provides a simple and powerful structure through three rule types: allow, deny, and exception. It allows for much greater flexibility than what the Software Restriction Policies provided in Windows Vista like:
1. Using exceptions, you can create a rule to “allow everything in the Windows Operating System to run, except the built-in games.”
2. AppLocker introduces publisher rules that are based upon application digital signatures. For example you can create a rule in your organozation like – “allow all versions greater than 9.0 of the program Acrobat Reader to run if it is signed by the software publisher Adobe.”
3. For example, you could create a rule to “allow the Graphics Department to get updates directly from Adobe for Photoshop as long as it is still Adobe Photoshop version 14.*”.
Creating a Rule for an Executable:
Who it can be applied to?
AppLocker rules can be associated with a specific user or group within an organization.
For example “allow people in the Finance Department to run the Finance line of business applications.”
What file types are supported?
AppLocker supports multiple, independently configurable policies: executables, installers, scripts & DLLs.
What kind of conditions (rules) can be set?
Adding an Exception
You can create similar rules based on Widlows Installer files and scripts also!!