If you share a computer and don’t want other users accessing certain applications, there is a feature in Windows 7 and Window 2008 R2 that allows you to block certain application on the network
We look at restricting what programs other users can access using AppLocker.
Note: AppLocker is only available in Ultimate and Enterprise versions of Windows 7.
AppLocker is the successor of Software Restriction Policies introduced first in the Windows XP and Windows Server 2003 computers. The AppLocker can be used to allow or deny the execution of an application, file, EXE, DLL, etc. The AppLocker provides the following enhancements:
The process
To create rules in AppLocker you’ll need to logged in as Administrator. Click on Start and type
gpedit.msc into the search box and hit Enter.
Under Local Computer Policy go to Computer Configuration \ Windows Settings \ Security Settings \ Application Control Policies \ AppLocker.
Now you will see the overall controls for the applications on the right hand plane after clicking the AppLocker. Under Configure Rule Enforcement click on the
Configure rule enforcement link, from the right plane
Fig C
Now under AppLocker Properties check the boxes next to
Configured under Executable rules then click Ok.
The Next process is how to block a particular operation. This could be achieved as a group policy on the domain or blocking individual from accesing a particular application on a computer.
The process here for example highlight on individual on a particular computer, blocking window media player to be accessed on a particalar system.
From fig C, scroll down the right plane frame untill you get to overview section. Under the Overview section click on Executable Rules. Then the diagram below would appear. Right click inside the white window to create a new rule
This opens up the Create Executable Rules wizard and you can select not to show the introduction screen at start up for the next time you access it.
under the permission, click the radio button deny. Add the user you intend to deny as shown on the small box tagged 'select user or group' , click OK and continue to next step.
You can select from Publisher, Path or File hash. Select path if you do not want user (wumi) to have access to any of the window media player as shown below
Click on Browse Folders and select the Microsoft window media player you intend to deny ( could be any application). In the next screen you could add Exceptions like allowing certain files, but because we are blocking the entire window media content we’ll skip to the next screen.
The next box that appear is where you will add a description to the rule so you can keep track of them in case there are several rules already configured.Click on Create.
Again, a message pops up saying default rules have not been created yet and it is important to create it, so click Yes to this message as shown below
Now you will see the default rules and the new one you created showing denied access to the Microsoft Window medai in red alert.
Finally, go to services and make sure that
Application Identification is started and it’s set to automatically start , otherwise the rules won’t work. By default this service is not started so you will need to enable it as shown below.