AppLocker (SEC 300) - Chromosom3/TechNotes GitHub Wiki
AppLocker
AppLocker is the successor to Software Restriction Policies (SRP). Both live in the Local Security Policy editor (secpol.msc): AppLocker under Application Control Policies, SRP under Software Restriction Policies. Application control policies let you explicitly allow (or deny) which applications can run; once a rule collection is enforced, anything that collection does not allow is blocked. To enable AppLocker, open Application Control Policies, select AppLocker, click Configure rule enforcement and configure each rule collection (Executable, Windows Installer, Script, Packaged app) as described below.
Set each collection to Audit only rather than Enforce rules to start with: applications that users need are then logged instead of blocked while you build the rule set, and you switch to Enforce rules only once the audit log shows no unexpected hits. Under Advanced you can enable the DLL rule collection. That is the most intrusive collection (every DLL a process loads is checked, which costs performance and needs a lot of rules), so whether you turn it on depends on your organization.
Next go to Executable Rules, right-click and choose Create Default Rules. The defaults allow Everyone to run files in the Program Files and Windows folders and allow BUILTIN\Administrators to run anything; without them the system itself would be blocked as soon as the collection is enforced. Be aware that the default Windows-folder path rule also covers user-writable subfolders such as %WINDIR%\Temp and %WINDIR%\Tasks, so add exceptions for those before moving to enforcement. The other rule collections have default rules you can create the same way.
For AppLocker to do anything, the Application Identity service (AppIDSvc) must be running; with it stopped, no rule is evaluated and no events are written. To make it start automatically, run `sc.exe config appidsvc start= auto` from an administrative command prompt (note the space after `start=`; in PowerShell spell it `sc.exe`, because `sc` alone is an alias for Set-Content), then start it with `net start appidsvc`. On current Windows builds the service is protected, so the Services snap-in will not let you change its startup type; the command line is the supported way.
AppLocker writes its logs under Applications and Services Logs > Microsoft > Windows > AppLocker in Event Viewer. The EXE and DLL log is the one to watch while in audit mode: event ID 8002 is a file that was allowed, 8003 a file that would have been blocked (Audit only), and 8004 a file that was blocked (Enforce rules). The MSI and Script log uses 8005/8006/8007 and the Packaged app-Execution log 8020/8021/8022 for the same three cases.
Run `gpupdate /force` (or restart the computer) to apply the policy. If your policies turn out to be too restrictive, open the Local Security Policy editor through Run by typing `secpol.msc` and set the offending collection back to Audit only or Not configured. If you enforce Packaged app rules, create the default packaged app rule (allow Everyone to run all signed packaged apps) first: the Start menu, Settings and Store apps are packaged apps and stop working without it.
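The same setup done from an elevated PowerShell session instead of secpol.msc, as an added example that is not part of the original wiki page. It assumes the AppLocker module is available (Windows Enterprise/Education or Server), that `$policyPath` under `%TEMP%` is an acceptable scratch location, and that the probe file names are placeholders; the Temp/Tasks exceptions on the Windows-folder rule are an addition to the stock default rules, not something the GUI creates for you.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): configure AppLocker in Audit only mode
# from PowerShell, dry-run the policy and read the audit events back.
Import-Module AppLocker

# Step 1: Application Identity service. Use sc.exe (plain "sc" is an alias for
# Set-Content in PowerShell) and keep the space after "start=".
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Step 2: policy equivalent to "Create Default Rules" for Executable rules plus the
# default Packaged app rule, both AuditOnly. Change EnforcementMode to "Enabled" to enforce.
# Rule Ids are fresh GUIDs. SIDs: S-1-1-0 = Everyone, S-1-5-32-544 = BUILTIN\Administrators.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="(Default Rule) All files located in the Program Files folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="(Default Rule) All files located in the Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
      <!-- Added exceptions: user-writable folders that the stock default rule leaves open -->
      <Exceptions>
        <FilePathCondition Path="%WINDIR%\Temp\*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
      </Exceptions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="(Default Rule) All files" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Appx" EnforcementMode="AuditOnly">
    <FilePublisherRule Id="$([guid]::NewGuid())" Name="(Default Rule) All signed packaged apps" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
"@
$policyPath = Join-Path $env:TEMP 'applocker-audit.xml'   # assumed scratch location
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Step 3: apply to the local policy (without -Merge this replaces the existing local
# AppLocker policy) and refresh instead of rebooting.
Set-AppLockerPolicy -XmlPolicy $policyPath
gpupdate /force | Out-Null

# Step 4: dry-run the policy against real files before ever switching to Enforce rules.
# Two copies of notepad.exe stand in for "something dropped in a writable folder".
$probes = @(
    "$env:WINDIR\System32\notepad.exe",
    "$env:WINDIR\Temp\probe.exe",       # hits the Temp exception -> DeniedByDefault
    "$env:LOCALAPPDATA\probe.exe"       # no rule matches -> DeniedByDefault
)
Copy-Item "$env:WINDIR\System32\notepad.exe" $probes[1] -Force
Copy-Item "$env:WINDIR\System32\notepad.exe" $probes[2] -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $probes -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
Remove-Item $probes[1], $probes[2] -Force

# Step 5: what audit mode has logged so far. 8003 = would have been blocked,
# 8004 = blocked (only appears once a collection is enforced).
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003, 8004 } `
    -MaxEvents 25 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# The same hits as file-information objects; after review they can be piped into
# New-AppLockerPolicy to turn legitimate audit hits into allow rules.
Get-AppLockerFileInformation -EventLog -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited |
    Select-Object -First 10 Path, Publisher
```

Run it as Administrator and leave it in AuditOnly for a while; the 8003 events, or the `Get-AppLockerFileInformation -EventLog` output, tell you which rules are still missing before you flip `EnforcementMode` to `Enabled`. Because a rule collection with no rules blocks everything once enforced, keep the Appx default rule in place whenever you enforce packaged apps, or the Start menu goes with it.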