Windows AppLocker

Applies To: Windows Server 2008 R2

AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that allows you to specify which users or groups can run particular applications in your organization based on unique identities of files. If you use AppLocker, you can create rules to allow or deny applications from running.

Today's organizations face a number of challenges in controlling application execution, including the following:

  • Which applications should a user have access to run?

  • Which users should be allowed to install new software?

  • Which versions of applications should be allowed?

  • How are licensed applications controlled?

To meet these challenges, AppLocker provides administrators with the ability to specify which users can run specific applications. AppLocker allows administrators to control the following types of applications: executable files (.exe and .com), scripts (.js, .ps1, .vbs, .cmd, and .bat), Windows Installer files (.msi and .msp), and DLL files (.dll and .ocx). This helps reduce the organization's cost of managing computing resources by decreasing the number of help desk calls from users running inappropriate applications.

The following topics provide more information about AppLocker: