- Download Windows Server 2012
- Should you not have access to a lab, follow this Step-By-Step to setup your own lab
Configuring an AppLocker Policy for an Individual App
- In Server Manager, click Tools > Group Policy Management.
- In the tree pane, expand Forest: <YourOrganization.com> > Domains.
- Right-click <YourOrganization.com> and select Create a GPO in this domain, and Link it here.
- In the New GPO dialog, type Windows 8 AppLocker Policy and click OK.
- Expand <YourOrganization.com>, Right-click Windows 8 AppLocker Policy, and click Edit. The Group Policy Management Editor appears. If you are prompted, click OK.
- In the tree pane, expandComputer Configuration\Policies\Windows Settings\Security Settings and click System Services.
- In the details pane, double-click Application Identity.
- In the Application Identity Properties dialog, click the Define this policy setting checkbox and select the Automatic radio button.
Note: Because AppLocker uses this service to verify the attributes of a file, you must configure it to start automatically in at least one Group Policy object (GPO) that applies AppLocker rules.
- Click OK.
- In the tree pane, under Computer Configuration\Policies\Windows Settings\Security Settings expand Application Control Policies and click AppLocker.
- In the details pane, click Configure Rule Enforcement. The AppLocker Properties dialog appears.
- Under Packaged app Rules, click the Configured checkbox, and verify that Enforce rules is selected.
- Click OK.
- In the tree pane, expand AppLocker and click Packaged app Rules.
Note: Currently no rules are configured.
- Right-click Packaged app Rules and click Create Default Rules.
- Right-click Packaged app Rules, and click Create New Rule. The Create Packaged app Rules wizard appears.
- On the Before You Begin page, click Next.
- On the Permissions page, select the Deny radio button and click the Select button. The Select User or Group dialog appears.
- In the Select User or Group dialog, type domain users, click Check Names and then click OK.
- Click Next.
- On the Publisher page, select the Use a packaged app installer as a reference radio button.
- Click Browse, navigate to an application such as notepad.exe, and click Open.
- Click Next.
- On the Exceptions page, click Next.
The application chosen should now disallow use on the Windows 8 machine. Creating this GPO disallows the user to run said app. More uses for AppLocker on Windows 8 will also be showcased on future Windows 8 posts.