Delete an AppLocker Rule

Applies To: Windows 7, Windows Server 2008 R2

This topic describes the steps to delete an AppLocker rule, which will prevent the application that is specified in the rule from running.

As older applications are retired and new applications are deployed in your organization, it will be necessary to modify the application control policies. If an application becomes unsupported by the IT department or is no longer allowed due to the organization's security policy, then deleting the rule or rules associated with that application will prevent the application from running.

For information about testing an AppLocker policy to see what rules affect which files or applications, see Test an AppLocker Policy by Using Test-AppLockerPolicy.

You can perform this task by using Group Policy for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer.

  • To delete a rule in an AppLocker policy by using Group Policy

  • To delete a rule in an AppLocker policy by using the Local Security Policy snap-in

To complete this procedure, you must have Edit Setting permission to edit a GPO. By default, members of the Domain Admins group, the Enterprise Admins group, and the Group Policy Creator Owners group have this permission.

To delete a rule in an AppLocker policy by using Group Policy

  1. Click Start, click Administrative Tools, and then click Group Policy Management to open the Group Policy Management Console (GPMC).

  2. Locate the GPO that contains the AppLocker policy to modify, right-click the GPO, and click Edit.

  3. In the console tree, double-click Application Control Policies, and then double-click AppLocker.

  4. Click the appropriate rule collection for which you want to delete the rule.

  5. In the details pane, right-click the rule to delete, click Delete, and then click Yes.

Note

For the rule deletion to take effect on computers within the domain, the GPO must be distributed or refreshed.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To delete a rule in an AppLocker policy by using the Local Security Policy snap-in

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, and then double-click AppLocker.

  4. Click the appropriate rule collection for which you want to delete the rule.

  5. In the details pane, right-click the rule to delete, click Delete, and then click Yes.

Note

After this procedure is performed on the local computer, the AppLocker policy takes effect immediately.
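Either procedure can be checked from PowerShell. The following is an added example, not part of the original topic: it saves the local policy before the deletion and afterwards confirms that the rule is gone and shows how the effective policy now treats a file the rule used to cover. The rule name, file paths, and function names are constructed placeholders. For a GPO-based policy, run it on a client after the GPO has been refreshed.

```powershell
# Added example; the rule name, paths and function names are placeholders.
Import-Module AppLocker

function Backup-LocalAppLockerPolicy {
    param([string]$BackupPath)
    # Export the local policy as XML before deleting anything, so the
    # deleted rule can be recovered from the file if needed.
    Get-AppLockerPolicy -Local -Xml | Out-File -FilePath $BackupPath -Encoding UTF8
}

function Test-AppLockerRuleRemoved {
    param(
        [string]$RuleName,          # name of the rule that was deleted
        [string]$FilePath,          # existing file the rule used to cover
        [string]$User = 'Everyone'  # user or group to evaluate the policy for
    )

    # 1. Look for a rule with this name in the effective (local + GPO) policy.
    [xml]$policyXml = Get-AppLockerPolicy -Effective -Xml
    $remaining = @($policyXml.SelectNodes('/AppLockerPolicy/RuleCollection/*') |
        Where-Object { $_.GetAttribute('Name') -eq $RuleName })

    # 2. Ask AppLocker how the effective policy now treats the file.
    #    PolicyDecision is Allowed, Denied or DeniedByDefault; MatchingRule
    #    names the rule that decided it, which exposes any other allow rule
    #    that still covers the file after the deletion.
    $decision = Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $FilePath -User $User

    New-Object PSObject -Property @{
        RuleStillPresent = ($remaining.Count -gt 0)
        PolicyDecision   = $decision.PolicyDecision
        MatchingRule     = $decision.MatchingRule
    }
}

# Before deleting the rule:
Backup-LocalAppLockerPolicy -BackupPath 'C:\Temp\applocker-before-delete.xml'

# After deleting the rule:
Test-AppLockerRuleRemoved -RuleName 'Allow LegacyApp' `
    -FilePath 'C:\Program Files\LegacyApp\legacy.exe'
```

If `PolicyDecision` is still `Allowed`, `MatchingRule` shows which remaining rule permits the file.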