The concept is very close to SRP. So close that it actually replaces it. In Ultimate and Entreprise versions of Win 7, SRP, even if set up, is simply bypassed if AppLocker is set up as well. SRP is still there for means of back compatibility. AppLocker is located in the Local Security Policy (administration tools) at the same place you can find SRP. How to set it up. First the meaning of AppLocker is to implement a further layer of security when running in a limited user account called standard user in Win 7 and by denying the execution of executable files, script and batch files, Windows installer files, and DLL (and Activex) files that do not meet the rules configured. I propose to show how to create a default set of rule for AppLocker and to activate it. Sorry for the pictures, my win 7 is in French. First différence between SRP and Applocker : Under your admin account, run as admin the Local Security Policy: In the left pane, right-click on AppLocker and select Properties. For every rule, tick Configured and from the drop down menu select apply rules. Once done, go to the Advanced tab, and tick to activate the DLL Rules. You should get this : Just press Ok. Now you should see this: Only a simple thing to do, right-click on each of the sub-menus in the left panel: - executable rules - DLL rules - script rules - Windows Installer rules, and select "Create default rules". This will auto-generate the by default rules (similar to SRP - but once created spend time analysing them - you will see how smart they are!) An example: Now you believe you are done, but unfortunately, there is a last step to go through. this is about the activation of the windows sevice, absolutely necessary to allow the enforcement of AppLocker. Still under your admin account, run as admin the submenu Services in your Administration Tools, and look for the service "Application Identity (not sure about the exact name in english) Its true name is AppIDSvc, as you can see after doubleclicking the Application Identity line On this very same window, just click on start, and on the start up type, select automatic. This will start the service now and at every windows start up. Press OK and you're done. From now on your AppLocker policy is active, and will be at every boot! windsman.