Windows AppLocker prevents users from installing or running applications
In Windows 10 and Windows 8.1, Applocker has evolved and lets you block legacy as well as Windows Store apps.
How to use AppLocker in Windows 11/10
To prevent users from installing or running Windows Store Apps with AppLocker in Windows, type secpol.msc in Run and hit Enter to open the Local Security Policy Editor.
In the console tree, navigate to Security Settings > Application Control Policies > AppLocker. Select where you want to create the rule. This could be for an Executable, Windows Installer, Scripts or in the case of Windows 10, a Windows Store packaged app. Let us say you want to create a rule for Packaged apps. Right-click on Packaged apps and select Create Rule. You will see a Before You Begin page.
Click Next to reach the Permissions page.
On this page, select the action viz. Allow or Deny and the User or User Group you want the rule to apply. Click Next to reach the Conditions page.
Select how you want to create the rules – base on Publishers, File Path, or Has. I have selected Publishers, which is the default. Click Next to reach the Publisher page.
Here you can browse for and select a Reference for the Packaged app and set the Scope for the rule. Settings for Scope include: The options for Reference include: After making your selections, click Next again. If you wish, on the Exceptions page you may specify conditions when to exclude the rules, and on the Name and Description page, you can accept the automatically generated rule name or type a new rule name, and click Create. You can read more about creating rules for Packaged Windows Store apps here at Technet. Do note that for the AppLocker to work on your system, the Application Identity service must be running on your computer. Also, the Group Policy Client service, gpsvc, required for running AppLOcker, is disabled by default on Windows RT, so you may have to enable it via services.msc.
Difference between AppLocker in Windows 11/10 & Windows 7
The AppLocker in Windows 10 allows you to also create rules for Packaged Windows Store apps. Moreover, the Windows 10/8 AppLocker rules can also additionally control the .mst and .appx file formats.
This app has been blocked by your system administrator
If as a user, you find that when you start any Windows Store app (or traditional software) you receive the message: This app has been blocked by your system administrator, you will have to contact your Administrator and ask him to create rules to allow you to use (or install) the software.
To create and enforce AppLocker rules, the computer must be running Windows 11/10, Windows 8 Enterprise, Windows 7 Ultimate, Windows 7 Enterprise, Windows Server 2008 R2 or Windows Server 2012. You can also block users from installing or running programs using the Registry or Group Policy. PS: Windows Program Blocker is a free App or Application blocker software to block software from running on Windows 10/8/7.
