When applied with Group Policy, AppLocker doesn’t play nice with Windows 10 Professional. Meaning, you’ll have to look elsewhere to lock down applications on domain-joined machines. AppLocker Alternatives. Before committing to AppLocker, you should perform a due diligence analysis of alternative solutions. AppLocker has been with us for quite some time now reaching back all the way to good old Windows 7. Although it is not the best solution from a technical point of view (there’s Windows Defender Application Control including TPM-enforced policy signing) it is still a good way to build a quick solution to stop users from installing software. If that doesn't suit you, our users have ranked 10 alternatives to Applocker and seven of them are available for Windows so hopefully you can find a suitable replacement. Other interesting Windows alternatives to Applocker are VoodooShield (Freemium), Carbon Black Protection (Paid), NoVirusThanks EXE Radar Pro (Paid) and Excubits Bouncer. AppLocker is a security feature that's not available in Windows 10 Pro. It allows you to create a whitelist of apps that are allowed to run on the system. Anything that isn't explicitly allowed through AppLocker won't run on the computer, making it a great tool for environments that deal with highly sensitive information. Thank you for choosing AppLocker, one of the top tools developed by Smart-X Software Solutions expert team in an effort to optimize your everyday work. TouchVPN for Windows 10.
Update 01.12.2012: clarified Applocker support on server core installations.
Hello folks! Today I want to share some personal opinions about one Windows whitelisting technology — Applocker, especially about the future.
Not all know that this is not something new (as Microsoft promotes), but a next generation of Software Restriction Policies (SRP). SRP is original Microsoft whitelisting technology which was introduced in 2001 (with Windows XP release). Due to various reasons, SRP didn’t become a popular technology that was used by systems administrators (not talking about home users). Microsoft attempted to make SRP more flexible, user-friendly and simple in configuration and usage. As the result, we got SRPv2 called Applocker, which was introduced in Windows 7 and Windows Server 2008 R2.
From the first look it was a nice replacement for SRP with some useful additions. For example, we can export and import rules in XML format, create rule collections, added new useful variables, nice rule creation wizard and built-in security filtering. I successfully used Applocker on my personal computers when I got an access to Windows 7 (previously I used SRP) as a free and powerful malware protection mechanism.
Even though, Microsoft actively promoted Applocker between IT Pros, the technology remained behind the scene, because it was available only in Windows 7 Ultimate and Enterprise editions. This was a bad move, because small business market not always can purchase Enterprise editions and commonly uses Professional edition (a replacement for Vista Business). Windows 7 Pro has Applocker console where you can create rules and export them, you cannot enforce them. There are no business decisions to limit Applocker to top desktop editions (Ultimate and Enterprise). In small business (SMB) it is easier to keep similar operating systems (say, Windows 7 Pro clients and SBS servers) than for large enterprises. Thus, it is almost impossible for companies to use Applocker as a unified whitelisting technology, because there are systems which do not support Applocker. And companies have to maintain both technologies — Applocker for modern systems and SRP for other systems. Theoretically. In practice, SRP has better support and sometimes is better than Applocker. Here is a full list of operating systems that supports Applocker:
- Windows 7 Ultimate, Enterprise
- Windows 8 Enterprise
- Windows Server 2008 R2 (all editions)
- Windows Server 2012 (all editions, except server core installation)
and SRP support:
- Windows XP Professional, MediaCenter
- Windows Vista Business, Ultimate, Enterprise
- Windows 7 Professional, Ultimate, Enterprise
- Windows 8 RT, Professional, Ultimate, Enterprise
- Windows Server 2003 (all editions)
- Windows Server 2008 (all editions)
- Windows Server 2008 R2 (all editions)
- Windows Server 2012 (all editions)
feel the difference. Also Applocker has a serious (in certain cases — blocking) bug: you cannot create path rules for network locations (or mapped drives). On the other hand, SRP lacks in built-in security filtering, as the result we have to maintain multiple group policy objects (GPO) to allow various software usage scenarios depending on a user permissions. Also I would like to show you a quick table that displays feature support in Applocker and SRP:
Applocker Windows 10 Professional
| SRP | AppLocker | |
| Rules applies to (in a single GPO): | All users | Specified users and groups |
| Default action level | Unrestricted | Deny |
| Has explicit “Allow” action | ||
| Has explicit “Deny” actions | ||
| Has special action | ||
| Certificate rules | ||
| Publisher rules | ||
| Hash rules | ||
| Network zone rules | ||
| Path rules | ||
| System environment variables | ||
| Special environment variables | ||
| Can read paths from registry | ||
| Audit mode | ||
| Rule collections | ||
| Rule creation wizrd | ||
| Policy export/import | ||
| PowerShell support | ||
| Error messages when application is blocked | ||
| Configurable extension list | ||
| Can control Metro apps |
Applocker Windows 10 Pro Activation Key 64 Bit
The table displays the most important features that we may want to see in any whitelisting technology.
Recently I bought a new notebook and installed Windows 8 Pro. I was really disappointed when I noticed, that Applocker is partially supported there (cannot enforce rules). I spend some time to move Applocker rules to SRP.
Windows 8 is second Windows OS generation where we can use Applocker, however technology support is limited again. Even though, SRP has few disadvantages (comparing with Applocker), better OS support makes more sense and is more decisional than anything else. I don’t see any chances for Applocker to become a popular whitelisting technology in near future. If you have something to tell about the subject — you are welcome in comments.