AppLocker - Server 2008 R2 or Windows 7 or higher: Using the GUI wizard, configure:

- Executable Rules (.exe, .com)
- DLL Rules (.dll, .ocx)
- Script Rules (.ps1, .bat, .cmd, .vbs, .js)
- Windows Installer Rules (.msi, .msp, .mst)

Steps to employ AppLocker (the GUI is needed for digitally signed app restrictions):

Step 1: Create a new GPO.

Step 2: Right-click on it to edit, and then navigate through Computer Configuration, Policies, Windows Settings, Security Settings, Application Control Policies and AppLocker. Click Configure Rule Enforcement.

Step 3: Under Executable Rules, check the Configured box and then make sure Enforce Rules is selected from the drop-down box. Click OK.

Step 4: In the left pane, click Executable Rules.

Step 5: Right-click in the right pane and select Create New Rule.

Step 6: On the Before You Begin screen, click Next.

Step 7: On the Permissions screen, click Next.

Step 8: On the Conditions screen, select the Publisher condition and click Next.

Step 9: Click the Browse button and browse to any executable file on your system. It doesn't matter which.

Step 10: Drag the slider up to Any Publisher and then click Next.

Step 11: Click Next on the Exceptions screen.

Step 12: Name the policy, for example "Only run executables that are signed", and click Create.

Step 13: If this is your first time creating an AppLocker policy, Windows will prompt you to create the default rules; click Yes.

Step 14: Ensure Application Identity Service is Running.

C:\> net start AppIDSvc
C:\> REG add "HKLM\SYSTEM\CurrentControlSet\services\AppIDSvc" /v Start /t REG_DWORD /d 2 /f

Step 15: Changes require reboot.

C:\> shutdown.exe /r
C:\> shutdown.exe /r /m \\<IP ADDRESS OR COMPUTER NAME> /f
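
After the reboot, the result of Steps 1-15 can be checked from an elevated PowerShell prompt on the target host. The script below is an added example, not part of the original page; the notepad.exe test path and the output wording are assumptions chosen for illustration.

```powershell
# Added verification example: confirms the AppLocker setup from Steps 1-15 took effect.
Import-Module AppLocker

# Step 14 check: Application Identity service running and Start = 2 (automatic).
$svc   = Get-Service -Name AppIDSvc
$start = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\services\AppIDSvc').Start
'AppIDSvc status: {0}  Start value: {1}' -f $svc.Status, $start
if ($svc.Status -ne 'Running' -or $start -ne 2) {
    Write-Warning 'AppIDSvc is not running or not automatic; AppLocker rules will not be enforced.'
}

# Effective policy (local policy merged with applied GPOs), read in its XML form.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$exe = $policy.SelectSingleNode("/AppLockerPolicy/RuleCollection[@Type='Exe']")

if ($null -eq $exe) {
    Write-Warning 'No Exe rule collection in the effective policy; the GPO may not have applied yet.'
} else {
    # Step 3 check: Enforce Rules selected, not NotConfigured or AuditOnly.
    'Exe enforcement mode: {0}' -f $exe.EnforcementMode
    if ($exe.EnforcementMode -ne 'Enabled') {
        Write-Warning 'Executable rules are present but not enforced.'
    }

    # Steps 8-12 check: list publisher rules; Publisher "*" is the Any Publisher rule.
    foreach ($rule in $exe.SelectNodes('FilePublisherRule')) {
        $cond = $rule.SelectSingleNode('Conditions/FilePublisherCondition')
        'Rule: {0} | Action: {1} | SID: {2} | Publisher: {3}' -f `
            $rule.Name, $rule.Action, $rule.UserOrGroupSid, $cond.PublisherName
    }

    # Evaluate a sample file (assumed path) against the effective policy for Everyone.
    $sample = Join-Path $env:SystemRoot 'System32\notepad.exe'
    Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $sample -User Everyone |
        Format-List FilePath, PolicyDecision, MatchingRule
}
```
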

Add the AppLocker cmdlets into PowerShell: