Applocker (ApplicationProgramControl Policy) is a new security function in Windows 7, which can be easily configured by the applocker administrator. For example, if the executable file of qq.exe is not applocker, all users can use this program. After the application control policy is applied, the restricted user cannot use this program.
Open start-run and enter gpedit. MSC to open the Group Policy Editor. In the left-side pane, choose computer configuration> Windows Settings> Security Settings> application control ", the configuration items of the applocker Group Policy-"executable rules", "Windows Installer rules", and "script rules" are displayed, right-click each rule to create a new rule. You can create an operation rule based on your needs. Right-click "executable rules-create new rules", click "Next", click "select", click "advanced" in the displayed dialog box, and click "Search now ", find the user you want to disable, and then add the specified user to the rule. Then, click "CREATE" to direct the banned object to qq.exe.
To prevent flash viruses from spreading, do not run the autorun. inf file. Select "script rule"-"create new rule", select "permission"-"deny" in the pop-up window, and select "everyone" in "user or group ", "Next", select "Lu Jin" in the creation conditions, and enter "?" in the "path" box. : \ Autorun. inf. Click "Next" and click "CREATE.
In this way, users can set various types of default rules for applocker based on their actual conditions to prevent normal system programs from being exploited by viruses and Trojans, prevents malicious programs from entering the computer through unusual channels.