Use Applocker in Windows 7 to Restrict Access to Programs

We all are aware of the amazing features and the user friendliness of Windows 7. Adding another feather to its illustrious cap is the application of “Applocker”.

Now a days we need to share our computer for various unavoidable purposes and by doing this we lose our privacy which again goes against our will. Hence to come out of this problem we will show you how you restrict access to some programs while you computer is shared using Applocker in Windows 7 ( Ultimate and Enterprise Versions).

Read also: Access Any Computer Remotely By Remote Desktop Connection.

Use Applocker in Windows 7 to Restrict Access to Programs

The Way out in detail :

1. The first and foremost step is to know how to use Applocker. For this what you should do is go to the start button and then type “gpedit.msc” and then press “Enter”.

2. The Group Policy Editor should open up. Once it is there in front of you just follow the given path : “Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker”


3. Now Applocker will open up.

4. In the bottom half under Configure Rule Enforcement box click on the link entitled “Configure rule enforcement”.


5. What opens up is nothing but Applocker properties. In this window, under the tab “Enforcement“, mark the option “Configured” and then click on “OK”.

6. Once you have completed the above steps , click on “Executable Rules” under the “Overview section.

7. A blank page opens up. This is because you are using Applocker for the first time and no rules have been listed. So right click and then choose the option “Create New Rule…“.

8.  The Create Executable Rules wizard opens up. You can opt for not showing the introduction screen when the wizard is opened henceforth.

9. In the given window choose the option “Permissions” and under the tab “Actions” select “Deny“.

10. A new window opens requiring you to select the user or the group you want blocked.

11. After selecting the action to deny and the user is selected, proceed with the process.

12. First select “Conditions” and there you have three options to block : “Publisher“, “Path” or “File hash“. Here suppose  we want to block somebody called John from accessing any game, so we select “Path“.

13. Another window opens up where you are required to tap on “Browse Folders” and click the Microsoft Games folder.
14. The next step allows you to add some exceptions i,e to allow access to some programs but as we are here blocking all the games, we shall skip this step.

15. The next window in your screen sets you to have a description for your rule which helps you to select the one you want, in case you have a number of rules configured. On completion finally check everything and then click on “Create“.
16. A message should be displayed that no default rule has yet been created. As it is very much essential to create it so click on “ Yes” in the message window. Once you have done it you can see the new rule that you created.

17. Once the rule is created,  go to services and make sure “ Application Identification” is running and that it’s configured to start automatically. Failure of these two conditions result in non-functioning of the rules. A user needs to manually enable this feature, since by default it remains disabled .

18. Your job is done!!! The next time John attempts accessing the selected program he will receive a message that the program is blocked. This can be changed only by the administrator.

We hope your problem have been solved. But please be careful while setting up rules and start the Application Identity Service only after checking every previous step. Else this may result in a situation where you yourself are blocked out of all programs in your own system –  AppLocker included!