Configure an AppLocker Policy for Enforce Rules

Applies To: Windows 7, Windows Server 2008 R2

This topic describes the steps to enable the AppLocker policy enforcement setting.

You can perform this task by using Group Policy for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer.

Note

When AppLocker policy enforcement is set to Enforce rules, rules are enforced for the rule collection and all events are audited.

For information about how AppLocker policies are applied within a GPO structure, see Understanding AppLocker Rules and Enforcement Setting Inheritance in Group Policy.

To complete this procedure, you must have Edit Setting permission to edit a GPO. By default, members of the Domain Admins group, the Enterprise Admins group, and the Group Policy Creator Owners group have this permission.

To enable the Enforce rules enforcement setting for a GPO by using Group Policy

  1. Click Start, click Administrative Tools, and then click Group Policy Management to open the Group Policy Management Console (GPMC).

  2. Locate the GPO to edit, right-click the GPO, and click Edit.

  3. In the console tree under Computer Configuration\Windows Settings\Security Settings\Application Control Policies, right-click AppLocker, and then click Properties.

  4. On the Enforcement tab of the AppLocker Properties dialog box, select the Configured check box for the rule collection that you are editing, and then verify that Enforce rules is selected.

  5. Click OK.

For information about viewing the events generated from rules enforcement, see View the AppLocker Log in Event Viewer.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To enable the Enforce rules enforcement setting by using the Local Security Policy snap-in

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, right-click AppLocker, and then click Properties.

  4. On the Enforcement tab, select the Configured check box for the rule collection that you want to enforce, and then verify that Enforce rules is selected in the list for that rule collection.

  5. Repeat step 4 to configure the enforcement setting to Enforce rules for additional rule collections.

  6. Click OK.

For information about viewing the events generated from rules enforcement, see View the AppLocker Log in Event Viewer.
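After either procedure, the resulting enforcement setting can be checked from PowerShell. The script below is an added example, not part of the original topic. It reads the effective policy with Get-AppLockerPolicy and lists the enforcement mode of each rule collection. The function name Get-AppLockerEnforcementSummary and the sample policy XML are constructed for illustration.

```powershell
# Added example: summarize the enforcement setting of each AppLocker rule collection.
function Get-AppLockerEnforcementSummary {
    param([Parameter(Mandatory = $true)][string]$PolicyXml)
    $policy = [xml]$PolicyXml
    foreach ($c in $policy.SelectNodes('/AppLockerPolicy/RuleCollection')) {
        $mode  = $c.GetAttribute('EnforcementMode')
        $rules = $c.SelectNodes('*').Count   # rule elements in this collection
        if ($mode -eq 'Enabled') {
            $effect = 'Enforce rules: rules enforced, all events audited'
        } elseif ($mode -eq 'AuditOnly') {
            $effect = 'Audit only: events logged, nothing blocked'
        } elseif ($rules -gt 0) {
            # An unconfigured collection that contains rules is enforced by default.
            $effect = 'Not configured: existing rules are enforced by default'
        } else {
            $effect = 'Not configured: no rules'
        }
        New-Object PSObject -Property @{
            Collection = $c.GetAttribute('Type'); Mode = $mode
            Rules = $rules; Effect = $effect
        }
    }
}

# Constructed sample policy (not from a real system), used only when the
# AppLocker module is not available on the machine running the script.
$sampleXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Sample rule"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="AuditOnly" />
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@

if (Get-Module -ListAvailable -Name AppLocker) {
    Import-Module AppLocker
    $xml = Get-AppLockerPolicy -Effective -Xml   # merged local and GPO policy
} else {
    $xml = $sampleXml
}
Get-AppLockerEnforcementSummary -PolicyXml $xml |
    Format-Table Collection, Mode, Rules, Effect -AutoSize

# AppLocker rules are only applied while the Application Identity service runs.
Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue | Format-Table Name, Status
```

For a policy set through a GPO, run the script on a target computer after Group Policy has refreshed, so that the effective policy reflects the new setting.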