Posted by: kurtsh | March 23, 2012

INFO: Difference between Software Restriction Policies & Windows 7’s AppLocker

Software Restriction Policies (SRP) was originally designed in Windows XP and Windows Server 2003 to help IT professionals limit the number of applications that would require administrator access. With the introduction of User Account Control (UAC) and the emphasis of standard user accounts in Windows Vista, fewer applications today require administrator privileges. As a result, AppLocker was introduced to expand the original goals of SRP by allowing IT administrators to create a comprehensive list of applications that should be allowed to run.

The following table compares AppLocker to SRP:

Feature Software Rest. Policies AppLocker
Rule scope Specific user or group (per GPO) Specific user or group (per rule)
Rule conditions provided File hash, path, certificate, registry path, and Internet zone roles File hash, path, and publisher rules
Rule types provided Allow and deny Deny
Default rule action Allow and deny Deny
Audit-only mode No Yes
Wizard to create multiple rules at one time No Yes
Policy import or export No Yes
Rule Collection No Yes
PowerShell Support No Yes
Custom error messages No Yes

For more information visit the AppLocker resource pages on

Note: The above content is the same content from the Technet article “AppLocker: Frequently Asked Questions” at:


%d bloggers like this: