Application Lockdown with AppLocker on Windows Embedded Standard 7

A common requirement for Windows Embedded Standard 7 devices is controlling what applications can run on the system. Since Windows Embedded Standard 7 is based on Windows 7, we can leverage a new technology that has been introduced: AppLocker. AppLocker builds and improves on Software Restriction Policies (SRPs) to allow for easy and flexible application […]

A common requirement for Windows Embedded Standard 7 devices is controlling what applications can run on the system. Since Windows Embedded Standard 7 is based on Windows 7, we can leverage a new technology that has been introduced: AppLocker. AppLocker builds and improves on Software Restriction Policies (SRPs) to allow for easy and flexible application lockdown. In terms of Standard 7 specific information, in order to get AppLocker to work you must include Application Security, Windows Installer, and Group Policy packages at a minimum. Packages necessary to configure it depend on which of its two configuration methods you want to use: 1. AppLocker can be controlled through a series of Powershell commandlets, which can get, set, and test application control policies 2. next method is by using easy step-by-step wizards that simplify AppLocker’s configuration. To configure AppLocker through wizards, you must include Group Policy’s optional dependencies that allow you to run Local Group Policy Editor, which you can start by running “gpedit.msc”. AppLocker is located under “Computer Configuration -> Windows Settings -> Security Settings -> Application Control Policies” in that window.