1. Create AppLocker Rule
-
Select Computer Configuration -> Windows Configuration -> Security Settings -> Application Control Strategy -> AppLocker
- Right-click the account "executable rule", choose "create a new rule."
- After you click "Create new rule" to open the following window, click "Next":
- Operation selection Select "reject", and select the appropriate user or user group for this rule, where the EveryOne configuration, and click into the next step.
- Here select the "path", and then click Next:
- Select the PowerShell program path (default address: c: \ Windows \ System32 \ WindowsPowerShell \ v1.0 \), then the next step:
- Specify a name for the new rule, and then click "Create":
- The following prompt box appears select "Yes":
- Right-click and select Properties AppLocker, and then under "executable rule", select "mandatory rules" check "has been configured."
Note:
1, to ensure that Application Identify service started and set to boot from the start. If the service does not start the normal Applocker Rule can not run correctly.
2, add a good strategy, execution Gpupdate Group Policy can be updated.