We’ve already seen how to restrict software on Windows Server 2012 // R2 using GPOs. There’s another way available since Windows Server 2012, thanks to a feature called AppLocker.
We still use GPOs – AppLocker is a subset of GPOs – to enforce software restriction but it’s easier and more powerful.
AppLocker can manage execution permissions of:
- Executables: files with .exe extension
- Windows installers: Windows installer packages with .msi and .msp extensions
- Scripts: files with .ps1, .bat, .cmd, .cbs and .js extensions
- Packaged Apps: Windows Store apps