AppLocker is a set of Group Policy settings that evolved from Software Restriction Policies, to restrict which applications can run on a corporate network, including the ability to restrict based on the application’s version number
Publisher rules: This condition identifies an application based on its digital signature and extended attributes. The digital signature contains information about the company that created
the application (the publisher). The extended attributes, which are obtained from the binary resource, contain the name of the product that the application is part of and the version number of the application.
Path rules: This condition identifies an application by its location in the file system of the computer or on the network.
File hash: This condition identifies an application which is not digitally signed can be restricted by a file hash rule instead of a publisher rule.
If you want to apply this role on computer administrator then right-click on the BUILTIN\Administrators rule and click Delete.
Now we will active the Application Identity service to enable AppLocker on the computers
Now when users try run program he will get this warn
This article was originally posted at