Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Enable the DLL Rule Collection

Updated: November 9, 2009

Applies To: Windows 7, Windows Server 2008 R2

This topic describes the steps to enable the DLL rule collection feature for AppLocker in Windows Server 2008 R2 and Windows 7.

The DLL rule collection includes the .dll and .ocx file formats.

For information about these rules, see DLL Rules in AppLocker.

You can enable the DLL rule collection by using Group Policy for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer.

To complete this procedure, you must have Edit Setting permission to edit a GPO. By default, members of the Domain Admins group, the Enterprise Admins group, and the Group Policy Creator Owners group have this permission.

  1. Click Start, click Administrative Tools, and then click Group Policy Management to open the Group Policy Management Console (GPMC).

  2. Locate the GPO that contains the AppLocker policy to modify, right-click the GPO, and click Edit.

  3. In the console tree, double-click Application Control Policies, right-click AppLocker, and then click Properties.

  4. Click the Advanced tab, select the Enable the DLL rule collection check box, and then click OK.

    ImportantImportant
    Before you enforce DLL rules, make sure that there are allow rules for each DLL that is used by any of the allowed applications.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, right-click AppLocker, and then click Properties.

  4. Click the Advanced tab, select the Enable the DLL rule collection check box, and then click OK.

    ImportantImportant
    Before you enforce DLL rules, make sure that there are allow rules for each DLL that is used by any of the allowed applications.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.