Export (0) Print
Expand All
0 out of 2 rated this helpful - Rate this topic

Windows Installer Rules in AppLocker

Updated: June 21, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This topic describes the file formats and available default rules for the Windows Installer rule collection.

AppLocker defines Windows Installer rules to include only the following file formats:

  • .msi

  • .msp

  • .mst

The purpose of this collection is to allow you to control the installation of files on client computers and servers through Group Policy or the Local Security Policy snap-in. The following table lists the default rules that are available for the Windows Installer rule collection.

 

Purpose Name User Rule condition type

Allow members of the local Administrators group to run all Windows Installer files

(Default Rule) All Windows Installer files

BUILTIN\Administrators

Path: *

Allow all users to run Windows Installer files that are digitally signed

(Default Rule) All digitally signed Windows Installer files

Everyone

Publisher: * (all signed files)

Allow all users to run Windows Installer files that are located in the Windows Installer folder

(Default Rule) All Windows Installer files in %systemdrive%\Windows\Installer

Everyone

Path: %windir%\Installer\*

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.