Before you can enforce AppLocker policies, you must start the Application Identity service by using the Services snap-in console.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
|To start the Application Identity service|
Click Start, click Administrative Tools, and then click Services.
In the Services snap-in console, double-click Application Identity.
In the Application Identity Properties dialog box, click Automatic in the Startup type list, click Start, and then click OK.
You can also use a Group Policy object (GPO) setting that configures the Application Identity service Startup type to Automatic. For information about using Group Policy, see Planning and Deploying Group Policy (http://go.microsoft.com/fwlink/?LinkId=143689).