Edit AppLocker Rules

 

Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker in Windows Server 2012 and Windows 8.

For more information about these rule types, see Understanding AppLocker Rule Condition Types.

You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For information how to use these MMC snap-ins to administer AppLocker, see Using the MMC snap-ins to administer AppLocker.

To edit a publisher rule

  1. In the console tree of the snap-in, double-click Application Control Policies, and then double-click AppLocker.

  2. Click the appropriate rule collection.

  3. In the Action pane, right-click the publisher rule, and then click Properties.

  4. Click the appropriate tab to edit the rule properties.

    • Click the General tab to change the rule name, add a rule description, configure whether the rule is used to allow or deny applications, and set the security group for which this rule should apply.

    • Click the Publisher tab to configure the certificate's common name, the product name, the file name, or file version of the publisher.

    • Click the Exceptions tab to create or edit exceptions.

    • When you finish updating the rule, click OK.

To edit a file hash rule

  1. In the console tree of the snap-in, double-click Application Control Policies, and then double-click AppLocker.

  2. Choose the appropriate rule collection.

  3. In the Action pane, right-click the file hash rule, and then click Properties.

  4. Click the appropriate tab to edit the rule properties.

    • Click the General tab to change the rule name, add a rule description, configure whether the rule is used to allow or deny applications, and set the security group in which this rule should apply.

    • Click the File Hash tab to configure the files that should be used to enforce the rule. You can click Browse Files to add a specific file or click Browse Folders to add all files in a specified folder. To remove hashes individually, click Remove.

    • When you finish updating the rule, click OK.

To edit a path rule

  1. In the console tree in the snap-in, double-click Application Control Policies, and then double-click AppLocker.

  2. Choose the appropriate rule collection.

  3. In the Action pane, right-click the path rule, and then click Properties.

  4. Click the appropriate tab to edit the rule properties.

    • Click the General tab to change the rule name, add a rule description, configure whether the rule is used to allow or deny applications, and set the security group in which this rule should apply.

    • Click the Path tab to configure the path on the computer in which the rule should be enforced.

    • Click the Exceptions tab to create exceptions for specific files in a folder.

    • When you finish updating the rule, click OK.