Set Application Identity service to automatic from services.msc.
Fire up secpol.msc with admin token and enable the required rule collection
Create rules for each collection. In this case I want to block Windows Help
Locking down Windows Thin PC.
No matter how well a machine in kiosk mode is locked down, people find a way to get access to command prompt, and the reason I fell is because of the windows help, a link on a help topic triggers IE and from IE local file system browsing is possible. So using AppLocker in Windows Thin PC (cut down version of windows 7 x86 Ent) you can further lock it down.