Me, myself & IT

One-Click Setup of an AppLocker Policy

Purpose
Instructions
Background Information

Purpose

Present a Windows Script File (*.wsf) to set an (arbitrary) AppLocker policy with just one double-click.

Note: the script requires neither PowerShell with its AppLocker cmdlets nor Microsoft Management Console with its GPEdit.msc and SecPol.msc snap-ins.

Instructions

Perform the following 4 simple steps to create and execute a Windows Script File *.wsf to set an AppLocker policy and activate it.

Create a text file *.wsf, for example AppLocker.wsf, with the following content in an arbitrary directory:

<?xml version='1.0' encoding='US-ASCII' standalone='yes' ?>
<package>
    <job>
        <object id='Application' progid='Shell.Application' />
        <runtime>
            <description>Set an AppLocker Policy on Windows 7 and later versions</description>
        </runtime>
        <script language='JScript'>
            if (WScript.Arguments.Count() != 0)
                WScript.Arguments.ShowUsage()
            else
                Application.ShellExecute(WScript.FullName, '//Job:Policy ' + WScript.ScriptFullName, WScript.Path, 'RunAs', 1)
        </script>
    </job>
    <job id='Policy'>
        <object id='AppIdPolicyHandler' classid='clsid:F1ED7D4C-F863-4DE6-A1CA-7253EFDEE1F3' />
        <object id='Application' progid='Shell.Application' />
        <resource id='Policy'><![CDATA[<AppLockerPolicy Version='1' />]]></resource>
        <script language='JScript'>
            if (Application.IsServiceRunning('AppIdSvc') == 0)
                Application.ServiceStart('AppIdSvc', 1)
            AppIdPolicyHandler.SetPolicy('', getResource('Policy'))
        </script>
    </job>
</package>

Replace the highlighted XML snippet – an (empty) allow all AppLocker policy – with the one you wish to deploy, for example the generic AppLocker policy for Windows 11 presented by the Eleventh Commandment, then save the modified Windows Script File.
Run the Windows Script File modified in step 2. per double-click.
Note: it requires Administrator rights and requests them via User Account Control if necessary.
Restart Windows to activate the just set AppLocker policy.

Contact and Feedback

If you miss anything here, have additions, comments, corrections, criticism or questions, want to give feedback, hints or tipps, report broken links, bugs, deficiencies, errors, inaccuracies, misrepresentations, omissions, shortcomings, vulnerabilities or weaknesses, …: don’t hesitate to contact me and feel free to ask, comment, criticise, flame, notify or report!

Use the X.509 certificate to send S/MIME encrypted mail.

Note: email in weird format and without a proper sender name is likely to be discarded!

I dislike HTML (and even weirder formats too) in email, I prefer to receive plain text.
I also expect to see your full (real) name as sender, not your nickname.
I abhor top posts and expect inline quotes in replies.

Terms and Conditions

By using this site, you signify your agreement to these terms and conditions. If you do not agree to these terms and conditions, do not use this site!

The software and the documentation on this site are provided as is without any warranty, neither express nor implied.
In no event will the author be held liable for any damage(s) arising from the use of the software or the documentation.
Permission is granted to use the current version of the software and the current version of the documentation solely for personal private and non-commercial purposes.
An individuals use of the software or the documentation in his or her capacity or function as an agent, (independent) contractor, employee, member or officer of a business, corporation or organisation (commercial or non-commercial) does not qualify as personal private and non-commercial purpose.
Without written approval from the author the software or the documentation must not be used for a business, for commercial, corporate, governmental, military or organisational purposes of any kind, or in a commercial, corporate, governmental, military or organisational environment of any kind.
Redistribution of the software and the documentation is allowed only in unmodified form of its current version and free of charge.

Data Protection Declaration

This web page records no (personal) data and stores no cookies in the web browser.

The web service is operated and provided by

Telekom Deutschland GmbH
Business Center
D-64306 Darmstadt
Germany
<‍hosting‍@‍telekom‍.‍de‍>
+49 800 5252033

The web service provider stores a session cookie in the web browser and records every visit of this web site with the following data in an access log on their server(s):

the (pseudonymised) IP address;
the date and time of the request;
the URL of the requested web page or file;
the Referer and User-Agent HTTP headers sent by the web browser;
the result (success or failure) of the request;
the amount of data received and sent.