Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

Preparing to Deploy AppLocker Policies

Updated: June 27, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This topic describes the preparation tasks that should be completed before you deploy AppLocker application control settings introduced in Windows Server 2008 R2 and Windows 7.

For most organizations, the deployment process means switching the AppLocker enforcement setting from Audit only to Enforce rules. Depending upon the needs of different business groups in your organization, you might be deploying different enforcement settings for linked GPOs. However, if you have set up the reference computer to replicate application usage for a particular business group, then policy deployment involves more steps.

Before deploying an AppLocker policy, you should have determined:

For information about how AppLocker deployment is dependent upon design decisions, see Understanding AppLocker Policy Design Decisions.

If you have configured a reference computer, you can create and update your AppLocker policies on this computer, test the policies, and then export the policies to the appropriate GPO for distribution. The other method is to create the policies in your test environment with the enforcement setting set to Audit only, observe the events generated, deploy the policies into the production environment with the enforcement setting set to Audit only, and then validate the effect of the policies.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.