Add security locks to Windows 7 with AppLocker

Do not forget to run AppLocker is enabled services

First, right-click on the computer, select "Management → Services", find the "Application Identity" service and set to start automatically. This step is very important because AppLocker will only take effect if it is set to autostart.

Then type "gpedit.msc" in the search box in the start menu to start the Group Policy Editor. Expand Computer Configuration→Windows Settings→Security Settings→Application Control Policy, and you will see a related setting item called AppLocker.

After selecting this setting item, you can see three types of "executable rules", "Windows installer rules" and "script rules" in the right window. You can create a new rule by right-clicking on each rule, and you can create a corresponding action rule according to your needs.

Tip: The first time you use AppLocker, you must restart your computer after the configuration is complete to make the policy take effect.

Chopper small scale so that the virus can not do anything flash

Usually we often use the flash, use it to transfer or share files. But now the flash virus is very rampant and often causes our system to be repeatedly poisoned. At this point we can use AppLocker to create a corresponding rule to avoid the destruction of the system by the flash virus. One of the key files for flash virus propagation is "AutoRun.inf", so you only need to disable this file from running.

First, we select "Script Rule" in the left window list, then right-click in the right window and select the "Create New Rule" command. Then the system will pop up the "Create Script Rule" window. . Select "Reject" in the "Action" of the window, then select "Everyone" in "Users or Groups", and then click the "Next" button. Then select the "Path" option in the creation conditions of the window, and then click "Next". Then type "?:\\AutoRun.inf" in the "Path" box and continue to click the "Next" button. Since there are no other required operations in the back, just click the "Create" button to complete the creation of the rule. Now plug in the flash, it will not be poisoned by the automatic operation of the flash.

Tip: According to the above settings, the auto-run function of flash and disc will be disabled. If you only want to disable the auto-run function of flash, just specify the drive letter of the flash. In addition, AppLocker can use the relative path or system variable of a file or folder in addition to the absolute path of the file or folder. For example, "%WINDIR%" represents the location of the operating system directory, and "%TEMP%" represents the current system default temporary directory.

Advanced Application Protection System File Security

The current computer virus is pervasive, even if you are careful, you may be caught. Many viruses use Windows to "over-trust" files in their own directories to run or infect system files, so we can write a rule that prohibits virus executables from running in the system directory. The principle is very simple, you only need to prohibit other program files in the Windows directory except the system executable file.

Similarly, create a new executable rule in the right window. First select "Reject" in the "Action" of the window, select "Everyone" in "User or Group", click the "Next" button, select the "Path" option in the creation condition of the window, and then in the "Path" box Enter "%WINDIR%\\*.exe", then select "Publisher" in the "Exceptions" window and click the "Add" button. Click the "Browse" button in the pop-up window. Feel free to select a Microsoft program file from the pop-up window, then move the slider to the "Publisher" position, then click the "OK" button in the window to confirm the relevant settings. At this time, you can see the publisher's information in the "Exceptions" list, and finally click the "Create" button to complete the rule creation.

Tip: Due to the exception of Microsoft as a publisher, all the software that comes with the system in the system directory can run normally, and the virus or Trojan can not run even if it "sneaked into" the system directory. It is impossible to tamper with system files, and it cannot harm the security of the system and users. At the same time, the path or file name in the rule can also use wildcards, which makes it easy to set a certain type of file, such as "?:\\*.exe", which means any executable file in any directory, "D :\\*" means any file under the D drive. However, this operation requires a certain computer foundation, and the novice should be used with caution!

Extended application restrictions Known program running

In fact, in addition to the active virus defense function, AppLocker can also be used to limit the known Run the program software!

For example, if you need to restrict your child to run a certain game, you can create rules through AppLocker to prevent the game from running. If the game doesn't need to be installed, then using the "path" to judge, obviously can't avoid the problem that the child can run the game to other directories, but it doesn't matter, just create a "file hash" type rule. This way, no matter where the game moves, the rule will stop the file hash as long as it finds that the file hash is the same value.

In addition, some important files are stored in our computer. In order to prevent others from modifying, you can use AppLocker to create rules to protect these files. The method is very simple, just temporarily disable the software program that opens these files.

Through the introduction, we can understand that using AppLocker can protect system files well, so as to avoid damage caused by computer viruses to system files. As long as the system files are intact, even if the virus infects certain applications, it will not affect the normal operation of the system. In this case, you can use the anti-virus software to easily get the virus. how about it? Try it out!

Comments: AppLocker is a new feature in Win 7, and there is no option for this feature in the control panel, so many users don't understand its function, don't even know it. The presence. In fact, the flexible use of AppLocker can effectively manage how users run all types of application files, including executable files, script files, program installation files and dynamic link library files, etc., and can well protect system file security, not afraid of unknown viruses. damage. In addition, the flexibility to use AppLocker's rule combination can also achieve more features. For example, only users with certain permissions are allowed to run a certain program, and only a certain user can run certain software or existing software in a certain directory.

AppLocker Q & A

Q: how do if my main program is not installed in the system directory, but they also want to add protection?
A: Very simple, create rules, add your program or program installation directory, and then in the "rejected" "exceptions" list as needed to make specific settings.

Q: What if some software is not in the allowed directory or not in the exception list?
A: It's also very simple, just right click and run as administrator.

Q: Some software itself needs some file write permission, or will generate new files (such as download), what should I do?
A: Give the relevant directories and files "Authenticated Users" users full control rights.