Step 1
Set Application Identity service to automatic from services.msc.
Step 2
Fire up secpol.msc with admin token and enable the required rule collection
Step 3
Create rules for each collection. In this case I want to block Windows Help
Use Case
Locking down Windows Thin PC.
No matter how well a machine in kiosk mode is locked down, people find a way to get access to command prompt, and the reason I fell is because of the windows help, a link on a help topic triggers IE and from IE local file system browsing is possible. So using AppLocker in Windows Thin PC (cut down version of windows 7 x86 Ent) you can further lock it down.