How to install and configure Applocker to improve Application Control & Security

Applocker is a feature that gives you another one Level of security

The purpose is to restrict or allow the access in software's to the specific group of users.

It's not a new technology but you can protect your data from threads.

Today lot of application aren't need administrator access to run. As IT Pro this is a threat for your environment.

While install and configure Applocker can increase the cybersecurity and protect your data from any unathorise access.

If you are thinking why to use Applocker the answer is here.

You can use it to protected against unwanted software , Software standardization , Software management.

If you want to more details you can read the AppLocker policy use scenarios in Microsoft Docs.

Today i will install and Deploy through GPO Applocker in specific Servers.

Applocker can be deploy in the following Windows Versions

So let's start !!

Before start to implement Applocker you must be know exactly which Applications must be allow to run.
This is the most important step because if you try to apply Applocker without note down what Applications must be allow then you will create lot of problems in your users and the daily operation of your company.
In case that you are not sure 100% which is the Applications that must be allow you can use Applocker in Audit Mode to identify all the applications.

How to enable Applocker

Login in the Domain Controller and open the Group Policy Management.
Right click in the Organization Until that you want to create the Applocker Policy and select Create a GPO in this Domain and link it here.

Type the preferred name and click OK
Now click on the new Policy and in Security Filtering click Add and select Domain Computers Group or any other Group that you have create and include the Servers or Workstations that you would like to deploy it.
Remember to included in the specific Organization Unit which has Link the Applocker GPO.
Unless you must link the GPO in the Organization Units which included all the Server or Workstations that you want deploy the Applocker

Right click in the new Policy and select Edit
Go in Computer Configuration\Windows Settings\Security Settings\Application Control Policies\Applocker
Expand the Applocker
Right click in Executable Rules and select Create Default Rules

The Default Rules are
- All files located in the Program Files folder
- All files located in the Windows folder
- All files for the Builtin\Administrators Group.
Until familiarize with Applocker It's recommended to create and leave these Rules in the beginning because you don't want to break things.

The Audit Only mode it's not Allow or Deny just write down Logs in Event Viewer.
With this way we can identify all the Applications that must run or not before start to Execute Applocker Rules.

We don't want to create any Rule until verify that Applocker works without problems.

So what we can do ?

We can Deploy Applocker in a Test Server and not in Production Server until familiarize and identify any issue.

To run the Applocker you must start the Application Identity Service in the Server that you would like to deploy.
In the Applocker GPO go in Computer Configuration\Windows Settings\Security Setting\System Services.
Find the Application Identity Service

Right click in the Service and select Properties.
Check the Define this policy Settings
Check the Automatic.
Click OK
Now when you apply the Applocker GPO the Application Identity service will start.