How to configure AppLocker Group Policy in Windows 7 to block third party browsers

One of the problems that IT administrators face today is keeping up with all the security updates you need to deploy to your computers to keep them secure. This is exacerbated by the very large number of security updates associated with running multiple browsers. Having multiple browsers on the network could also mean that you have fully patched one browser using your patch management system, only to have a user run a different type of browser that is completely unpatched. Another reason IT administrators might want to block third party browsers is the lack of Group Policy support, which makes it very difficult for administrators to configure the browser to corporate standards e.

Luckily Windows 7 comes with a new feature called AppLocker that prevents the user from running a particular executable, which can be used to block all but authorised internet browsers.

Update: Also check out my Troubleshooting AppLocker workflow post at http www.

AppLocker is a new feature in Windows 7 that allows system administrators to block a particular executable from running on a computer. It is an enhanced version of Software Restriction Policy, which did a similar thing in Windows XP/Vista but could only block programs based on a file name, path or file hash. The AppLocker feature takes it a step further and allows administrators to block executables based on their digital signature. The benefit of basing the rule on a digital signature is that you can block programs based on a combination of the version, program name or even vendor name. This means that even if the vendor updates the program with a new version (which happens often with browsers) the AppLocker rules will still apply, greatly saving administrative overhead. You can also set the rule based on the program version, which means you can set a minimum supported version that is allowed to run. Another advantage is that AppLocker applies to any program that runs on a computer, meaning that no matter where the program is being run from (e.g. a USB memory stick) it will be prevented from running.

Note: You can also use this tutorial to block the running of any other program, whether it be from a third party or even from Microsoft.

In this example I show you how to block Google Chrome from running on any of the computers in your network; however, you can just as easily apply the same process to any other browser (e.g. Firefox, Safari).

Step 1. Edit the Group Policy Object that is targeted to the computers you want to apply this policy to. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies and then click on Configure rule enforcement.

Step 2. Under Executable rules tick Configured and select the Enforce rules option from the drop-down menu, then click OK.

Step 3. Right click on Executable Rules and click on Create New Rule.

Step 4. Click Next.

Step 5. Select Deny and then click Next.

Step 6. Select the Publisher condition and click Next.

Note: The Path and File hash options are the same conditions that were available in a Software Restriction Policy in Windows XP and Vista.

Step 7. Click on Browse.

Step 8. Select the Chrome executable and click Open.

Note: Again, I have used Chrome as an example; you can easily select the executable of any other browser here, including Internet Explorer, if you want to block multiple browsers.

Step 9. In this example we are just going to accept the defaults and click Next.

Optional: If you want to block just a particular version of a browser or program, or any version below a certain number, tick Use custom values, enter the version number in the File version field and select And Below from the drop-down menu.

Step 10. Click Next.

Step 11. Click Create.

Step 12. You will now be prompted to create some default rules that ensure that you don't accidentally stop Windows from working. Click Yes to this if you don't already have these rules created.

Step 13. Optional: If you also want this AppLocker rule to apply to computer administrators, right click on the BUILTIN\Administrators rule and click Delete.

Step 14. Optional: Click Yes.

Your AppLocker rules are now set up and should now look like this:

Now there is one more thing you need to do to enable AppLocker on the computer.

Step 15. In the same Group Policy Object you were just editing, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > System Services and double click on the Application Identity service.

Note: This is the process that scans all files before they are executed to check the name, hash or signature of the executable before it is run. If this is not turned on then AppLocker will simply not work.

Step 16. Tick Define this policy setting and tick Automatic, then click OK.

The services section should now look like this:

You're all done. Now when the user tries to run an unapproved browser or program they will be presented with this dialogue box:

If you want to make sure you have covered all the bases, below is an image of the AppLocker rules configured with a few more denied browsers.
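
To confirm on a client that the policy built in the steps above is actually in effect, the following PowerShell check can be run from an elevated prompt after Group Policy has refreshed. It is an added example, not part of the original post; $BrowserPath (a per-user Chrome install location) and $TestUser are assumptions to adjust for your environment.

```powershell
# Added example: verify the AppLocker GPO on a client (Windows 7 / PowerShell 2.0 compatible).
Import-Module AppLocker

# Assumed values: change to the executable you blocked and the account to test.
$BrowserPath = Join-Path $env:LOCALAPPDATA 'Google\Chrome\Application\chrome.exe'
$TestUser    = 'Everyone'

# The Application Identity service (AppIDSvc) must be running, or no rule is evaluated.
$svc = Get-WmiObject Win32_Service -Filter "Name='AppIDSvc'"
"AppIDSvc: state=$($svc.State) startmode=$($svc.StartMode)"
if ($svc.State -ne 'Running') {
    Write-Warning 'AppIDSvc is not running; AppLocker will not block anything.'
}

# Read the effective (merged local + GPO) policy and find the Executable rule collection.
[xml]$xml = Get-AppLockerPolicy -Effective -Xml
$exe = $xml.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
"Exe enforcement mode: $($exe.EnforcementMode)"
if ($exe.EnforcementMode -eq 'AuditOnly') {
    Write-Warning 'Executable rules are in audit mode: launches are logged, not blocked.'
}

# List every Deny publisher rule with the signature fields and version range it matches.
$exe.FilePublisherRule | Where-Object { $_.Action -eq 'Deny' } | ForEach-Object {
    $c = $_.Conditions.FilePublisherCondition
    New-Object PSObject -Property @{
        Rule       = $_.Name
        Publisher  = $c.PublisherName
        Product    = $c.ProductName
        Binary     = $c.BinaryName
        MinVersion = $c.BinaryVersionRange.LowSection
        MaxVersion = $c.BinaryVersionRange.HighSection
    }
} | Format-List

# Show the publisher data read from the file, then ask AppLocker for its decision.
if (Test-Path $BrowserPath) {
    Get-AppLockerFileInformation -Path $BrowserPath | Format-List Path, Publisher
    Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $BrowserPath -User $TestUser |
        Format-List FilePath, PolicyDecision, MatchingRule
} else {
    Write-Warning "$BrowserPath not found; point `$BrowserPath at the blocked executable."
}
```

A PolicyDecision of Denied with the Chrome rule named in MatchingRule means the publisher rule is matching; Allowed usually means the signature on the file does not match the publisher fields stored in the rule.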