Restricting Application Access Using AppLocker:
https://helpcenter.itopia.com/en/articles/4859965-restricting-application-access-using-applocker
https://adamtheautomator.com/windows-10-applocker/
AppLocker configured, Group Policy applied but does not work:
https://www.grouppolicy.biz/2010/08/how-to-use-group-policy-to-control-services/
Probably Application Identity service is not started. Configure Application Identity service startup in GPO:
Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Application Identity
Check this settings applied correctly:
gpresult /h DISK:\GPRESULT.html
It is possible to configure startup of this service on every machine, but it is a waste of s time:
sc config "AppIDSvc" start=auto & net start "AppIDSvc"