
AppLocker – Default Mode

Enable AppLocker with Windows Defaults

AppLocker is a Windows feature that controls which applications, scripts, installers, and packaged apps can run. To enable it, the Application Identity service (AppIDSvc) must be set to start automatically. Once it is running, you can apply the built-in default rules, which allow all files in the Windows and Program Files folders to run and allow administrators to run any file. These defaults provide a safe baseline that blocks most unauthorized applications while ensuring the operating system and standard software continue to function.

Enable AppIDSvc

🔹 Why

  • AppLocker relies on AppIDSvc to evaluate rules against executables, scripts, MSIs, and packaged apps.

If AppIDSvc is Stopped or Disabled:

  • All applications run normally (as if no AppLocker rules exist).
  • No audit or enforcement events are generated.

GPO Location: Computer Configuration\Policies\Windows Settings\Security Settings\System Services

Service: Application Identity = Automatic

GPO Location: Computer Configuration\Policies\Windows Settings\Security Settings\Application Control Policies\AppLocker

Executable Rules

Right-click “Executable Rules” and select “Create Default Rules”; this creates the default rules shown below.

Windows Installer Rules

Right-click “Windows Installer Rules” and select “Create Default Rules”; this creates the default rules shown below.

Script Rules

Right-click “Script Rules” and select “Create Default Rules”; this creates the default rules shown below.

Packaged app Rules

Right-click “Packaged app Rules” and select “Create Default Rules”; this creates the default rules shown below.
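Once the GPO has applied, the following PowerShell check (an added example, not part of the original article) verifies on a target machine that AppIDSvc is Automatic and Running, that each of the four rule collections created above is present in the effective policy, and that AppLocker is actually writing events. It uses only built-in cmdlets (Get-Service, Get-AppLockerPolicy, Get-WinEvent); the friendly collection names are taken from the GPO nodes above.

```powershell
# Added verification script (not from the original article). Run elevated.

# 1. AppIDSvc must be Automatic and Running; otherwise every rule is ignored
#    and no audit or enforcement events are generated.
$svc = Get-Service -Name AppIDSvc
$ok  = ($svc.StartType -eq 'Automatic') -and ($svc.Status -eq 'Running')
"AppIDSvc: StartType=$($svc.StartType) Status=$($svc.Status) -> " +
    $(if ($ok) { 'OK' } else { 'NOT ENFORCING (rules are ignored)' })

# 2. Read the effective policy (local policy merged with GPO) as XML.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml

# Rule collection types that "Create Default Rules" populates in each GPO node.
$expected = @{ Exe    = 'Executable Rules';  Msi  = 'Windows Installer Rules';
               Script = 'Script Rules';      Appx = 'Packaged app Rules' }

foreach ($type in $expected.Keys) {
    $rc = $policy.AppLockerPolicy.RuleCollection | Where-Object Type -eq $type
    if (-not $rc) {
        "$($expected[$type]): no rule collection configured"
        continue
    }
    # EnforcementMode is NotConfigured, AuditOnly or Enabled.
    $rules = @($rc.ChildNodes | Where-Object { $_.NodeType -eq 'Element' })
    "$($expected[$type]): $($rules.Count) rule(s), EnforcementMode=$($rc.EnforcementMode)"
    foreach ($r in $rules) {
        # Path rules carry a FilePathCondition; publisher rules (e.g. the
        # packaged-app default) do not, so only print the path when present.
        $path = $r.Conditions.FilePathCondition.Path
        "    $($r.Action) '$($r.Name)'" + $(if ($path) { " -> $path" } else { '' })
    }
}

# 3. Recent entries in the AppLocker EXE and DLL log show the service is
#    evaluating rules (8002 = allowed, 8003 = audited, 8004 = blocked).
$log    = 'Microsoft-Windows-AppLocker/EXE and DLL'
$events = Get-WinEvent -LogName $log -MaxEvents 5 -ErrorAction SilentlyContinue
"Recent events in '$log': $(@($events).Count)"
```

If a collection reports no rules or AppIDSvc is not Running, the rules from this article are not in effect on that host, even though the GPO may show as applied.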