Creating Your AppLocker Policies

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This overview topic describes the steps to create an AppLocker policy and prepare it for deployment.

AppLocker policy deployment steps

Creating effective application control policies with AppLocker starts by creating the rules for each application. Rules are grouped into one of five rule collections. The rule collection then can be configured to be enforced or to run in an audit-only mode. An AppLocker policy includes the rules in the five rule collections and the enforcement settings for each rule collection.

Step 1: Use your plan

You can develop an application control policy plan to guide you in making successful deployment decisions. For more information about how to do this and what you should consider, see the AppLocker Policies Design Guide. The guide is intended for security architects, security administrators, and system administrators. It contains the following topics to help you create an AppLocker policy deployment plan for your organization that will address your specific application control requirements by department, organizational unit, or business group:

  1. Understanding the AppLocker Policy Deployment Process

  2. Understanding AppLocker Policy Design Decisions

  3. Determining Your Application Control Objectives

  4. Creating the List of Applications Deployed to Each Business Group

  5. Selecting the Types of Rules to Create

  6. Determining Group Policy Structure and Rule Enforcement

  7. Planning for AppLocker Policy Management

  8. Creating Your AppLocker Planning Document

Step 2: Create your rules and rule collections

Each rule applies to one or more applications and imposes a specific rule condition upon them. Rules can be created individually or can be generated by the Automatically Generate Rules wizard. For steps to create the rules, see Creating Your AppLocker Rules.

Step 3: Configure the enforcement setting

An AppLocker policy is a set of rule collections that are configured with a rule enforcement setting. The enforcement setting can be Enforce rules, Audit only, or Not configured. If an AppLocker policy has at least one rule and is set to Not configured, all the rules in that policy will be enforced. For information about configuring this setting, see:

Step 4: Update the GPO

AppLocker policies can be defined locally on a computer or applied through Group Policy. To use Group Policy to apply AppLocker policies, you must either create a new Group Policy Object (GPO) or you must update an existing GPO. You can create or modify AppLocker policies using the Group Policy Management Console (GPMC) or you can import an AppLocker policy into a GPO. For the procedure to do this, see:

Step 5: Test the effect of the policy

Either in a test environment, or with the enforcement setting set at Audit only, verify that the results of the policy are what you intended. For information about testing a policy, see Testing and Updating an AppLocker Policy.

Step 6: Implement the policy

Depending upon your deployment method, either import the AppLocker policy to the GPO in your production environment or, if the policy is already deployed, change the enforcement setting to your production environment value, either Enforce rules or Audit only.

Step 7: Test the effect of the policy and adjust

Validate the effect of the policy by analyzing the AppLocker logs for application usage, and modify the policy as necessary. To do this, see:
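Steps 2 through 7 above, sketched with the AppLocker PowerShell cmdlets as an added example (not part of the original documentation). The reference directory, the `$promote` switch and the GPO LDAP path are assumptions or placeholders to replace with your own values.

```powershell
# Added example. Run elevated on a reference computer; values below are placeholders.
Import-Module AppLocker   # explicit import is needed on PowerShell 2.0 (Windows 7 / Server 2008 R2)

$referenceDir = 'C:\Program Files'   # assumed location of the approved applications
$gpoLdapPath  = 'LDAP://<DC-FQDN>/CN={<GPO-GUID>},CN=Policies,CN=System,DC=example,DC=com'  # placeholder
$promote      = $false               # hypothetical switch: set to $true only after the audit review

# Step 2: generate rules from the reference files. Publisher rules are preferred;
# hash rules are the fallback when a file carries no publisher information.
$fileInfo = Get-AppLockerFileInformation -Directory $referenceDir -Recurse -FileType Exe
$policy   = $fileInfo | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
                -RuleNamePrefix 'Ref' -Optimize -IgnoreMissingFileInformation

# Step 3: set Audit only explicitly. A collection that contains rules and is left
# at Not configured is enforced, so verify the mode before the policy leaves this machine.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}
$notAudit = @($policy.RuleCollections | Where-Object { $_.EnforcementMode -ne 'AuditOnly' })
if ($notAudit.Count -gt 0) { throw 'A rule collection is not in Audit only mode.' }

# Step 4: import into the GPO. -Merge keeps AppLocker rules already in the GPO;
# without it the GPO's existing AppLocker policy is overwritten.
Set-AppLockerPolicy -PolicyObject $policy -Ldap $gpoLdapPath -Merge

# Step 5: simulate the policy against files outside the reference scan.
# Anything listed here has no allowing rule and would be blocked under enforcement.
$uncovered = Test-AppLockerPolicy -PolicyObject $policy -User Everyone `
                 -Path "$env:SystemRoot\System32\*.exe" -Filter Denied, DeniedByDefault
$uncovered | Select-Object FilePath, PolicyDecision

# Step 6: when the audit results are acceptable, change the deployed policy's
# enforcement setting to Enforce rules and write it back to the same GPO.
if ($promote) {
    $gpoPolicy = Get-AppLockerPolicy -Domain -Ldap $gpoLdapPath
    foreach ($collection in $gpoPolicy.RuleCollections) {
        $collection.EnforcementMode = 'Enabled'
    }
    Set-AppLockerPolicy -PolicyObject $gpoPolicy -Ldap $gpoLdapPath
}

# Step 7: on a client that received the policy, summarise the audited events
# (files that ran but would have been blocked) to decide which rules to adjust.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics
```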

Next steps

Follow the steps described in the topics below to continue the deployment process:

  1. Creating Your AppLocker Rules

  2. Testing and Updating an AppLocker Policy

  3. Deploying the AppLocker Policy into Production

See Also

Concepts

AppLocker Policies Deployment Guide