Before you can enforce AppLocker policies, you must start the Application Identity service by using the Services snap-in console.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To start the Application Identity service
  1. Click Start, click Administrative Tools, and then click Services.

  2. In the Services snap-in console, double-click Application Identity.

  3. In the Application Identity Properties dialog box, click Automatic in the Startup type list, click Start, and then click OK.


You can also use a Group Policy object (GPO) setting that configures the Application Identity service Startup type to Automatic. For information about using Group Policy, see Planning and Deploying Group Policy (

Additional references