Now you will see the overall controls for the applications.
Under Configure Rule Enforcement hit the Configure rule enforcement link.
Now under AppLocker Properties check the boxes next to Configured under Executable rules then click Ok. After completing the steps above, under the Overview section press Executable Rules.
Since this is your first time accessing AppLocker, there will be no rules listed.
Right-click and select Create New Rule…
Select Permissions under Action select Deny.
Add the user you want to block, in this case it’s Jack.
After you’ve selected the deny action and selected the user continue to the next step.
In Conditions you could select from Publisher, Path or File hash.
We don’t want Jack to have access to any of the games.
so we will select Path.
tap on Browse Folders and go for the Microsoft Games folder.
When everything looks right press Create.
A message pops up saying default rules haven’t been created yet.
It is important to ensure they are created so click Yes to this message.
By default this service is not started so you will need to enable it.
Only an Administrator can go in and change the rule.
ConclusionUse caution when configuring the rules and only start the software Identity service after everything looks right.
![sshot-2009-11-08-[22-52-10]](https://static1.howtogeekimages.com/wordpress/wp-content/uploads/2009/11/sshot20091108225210.png)
