Export (0) Print
Expand All

Deploying the AppLocker Policy into Production

Updated: May 23, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This topic describes the tasks that should be completed before deploying AppLocker application control settings.

After successfully testing and modifying the AppLocker policy for each Group Policy Object (GPO), you are ready to deploy the enforcement settings into production. For most organizations, this means switching the AppLocker enforcement setting from Audit only to Enforce rules. However, it is important to follow the deployment plan that you created earlier. For more information, see the AppLocker Policies Design Guide. Depending upon the needs of different business groups in your organization, you might be deploying different enforcement settings for linked GPOs.

Before deploying an AppLocker policy, you should have determined:

For information about how AppLocker deployment is dependent upon design decisions, see Understanding AppLocker Policy Design Decisions.

If you have configured a reference computer, you can create and update your AppLocker policies on this computer, test the policies, and then export the policies to the appropriate GPO for distribution. The other method is to create the policies with the enforcement setting set at Audit only and observe the events generated.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft