Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Edit an AppLocker Policy

Published: April 19, 2012

Updated: May 2, 2012

Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2



This topic describes the steps you need to perform to modify an AppLocker policy in Windows Server 2012 and Windows 8.

You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot create a new version of the policy by importing additional rules. To modify an AppLocker policy that is in production, you should use Group Policy management software that allows you to version Group Policy Objects (GPOs). If you have created multiple AppLocker policies and need to merge them to create one AppLocker policy, you can either manually merge the policies or use the Windows PowerShell cmdlets for AppLocker. You cannot automatically merge policies by using the AppLocker snap-in. You must create one rule collection from two or more policies. The AppLocker policy is saved in XML format, and the exported policy can be edited with any text or XML editor. For information about merging policies, see Merge AppLocker Policies Manually or Merge AppLocker Policies by Using Set-ApplockerPolicy.

There are two methods you can use to edit an AppLocker policy:

The steps to edit an AppLocker policy distributed by Group Policy include the following:

AppLocker provides a feature to export and import AppLocker policies as an XML file. This allows you to modify an AppLocker policy outside your production environment. Because updating an AppLocker policy in a deployed GPO could have unintended consequences, you should first export the AppLocker policy to an XML file. For the procedure to do this, see Export an AppLocker Policy from a GPO.

After exporting the AppLocker policy to an XML file, you should import the XML file onto a reference computer so that you can edit the policy. For the procedure to import an AppLocker policy, see Import an AppLocker Policy from Another Computer.

CautionCaution
Importing a policy onto another computer will overwrite the existing policy on that computer.

AppLocker provides ways to modify, delete, or add rules to a policy by modifying the rules within the collection.

For procedures to export the updated policy from the reference computer back into the GPO, see Export an AppLocker Policy to an XML File and Import an AppLocker Policy into a GPO.

CautionCaution
You should never edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed run, making changes to a live policy can create unexpected behavior. For information about testing policies, see Test and Update an AppLocker Policy.

noteNote
If you are performing these steps by using Microsoft Advanced Group Policy Management (AGPM), check out the GPO before exporting the policy.

The steps to edit an AppLocker policy distributed by using the Local Security Policy snap-in include the following tasks.

On the computer where you maintain policies, open the AppLocker snap-in from the Local Security Policy snap-in. If you exported the AppLocker policy from another computer, use AppLocker to import it onto the computer.

After exporting the AppLocker policy to an XML file, you should import the XML file onto a reference computer so that you can edit the policy. For the procedure to import an AppLocker policy, see Import an AppLocker Policy from Another Computer.

CautionCaution
Importing a policy onto another computer will overwrite the existing policy on that computer.

AppLocker provides ways to modify, delete, or add rules to a policy by modifying the rules within the collection.

See Also

Other Resources

AppLocker Overview

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.