Run the Automatically Generate Rules Wizard

Applies To: Windows 7, Windows Server 2008 R2

This topic describes steps to run the wizard to create AppLocker rules on a reference computer.

AppLocker allows you to automatically generate rules for all files within a folder. The wizard scans the specified folder and creates an allow rule, using the condition types that you choose, for each file in that folder.

You can perform this task by using Group Policy for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer.

  • To automatically generate rules by using Group Policy

  • To automatically generate rules by using the Local Security Policy snap-in

To complete this procedure, you must have Edit Setting permission to edit a GPO. By default, members of the Domain Admins group, the Enterprise Admins group, and the Group Policy Creator Owners group have this permission.

To automatically generate rules by using Group Policy

  1. Click Start, click Administrative Tools, and then click Group Policy Management to open the Group Policy Management Console (GPMC).

  2. Locate the GPO that contains the AppLocker policy to modify, right-click the GPO, and click Edit.

  3. In the console tree, double-click Application Control Policies, and then double-click AppLocker.

  4. Right-click the rule collection for which you want to automatically generate rules. Rules can be generated automatically for the Executable, Windows Installer, and Script rule collections.

  5. Click Automatically Generate Rules.

  6. On the Folder and Permissions page, click Browse to choose the folder to be analyzed. By default, this is the Program Files folder.

  7. Click Select to choose the user or security group to which the generated rules will apply. By default, this is the Everyone group.

  8. The wizard provides a name in the Name to identify this set of rules box based on the name of the folder that you have selected. Accept the provided name or type a different name, and then click Next.

  9. On the Rule Preferences page, choose the conditions that you want the wizard to use while creating rules, and then click Next. For more information about rule conditions, see Understanding AppLocker Rule Condition Types.

Note

The Reduce the number of rules created by grouping similar files check box is selected by default. This helps you organize AppLocker rules and reduce the number of rules that you create by performing the following operations for the rule condition that you select:

  • One publisher condition is created for all files that have the same publisher and product name.

  • One path condition is created for the folder that you select. For example, if you select C:\Program Files\ProgramName\ and the files in that folder are not signed, the wizard creates a rule for %programfiles%\ProgramName\*. A path rule also allows any file that is placed in that folder later, so confirm that standard users cannot write to the folder before you accept a path condition.

  • One file hash condition is created that contains all of the file hashes. When rule grouping is disabled, the wizard creates a file hash rule for each file.

  10. Review the files that were analyzed and the rules that will be automatically created. To make changes, click Previous to return to the page where you can change your selections. After reviewing the rules, click Create.

Note

If you are running the wizard to create your first rules for a GPO, you will be prompted to create the default rules, which allow critical system files to run, after completing the wizard. You may edit the default rules at any time. If your organization has decided to edit the default rules or create custom rules to allow the Windows system files to run, ensure that you delete the default rules after replacing them with your custom rules.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To automatically generate rules by using the Local Security Policy snap-in

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, and then double-click AppLocker.

  4. Right-click the rule collection for which you want to automatically generate rules. Rules can be generated automatically for the Executable, Windows Installer, and Script rule collections.

  5. Click Automatically Generate Rules.

  6. On the Folder and Permissions page, click Browse to choose the folder to be analyzed. By default, this is the Program Files folder.

  7. Click Select to choose the user or security group to which the generated rules will apply. By default, this is the Everyone group.

  8. The wizard provides a name in the Name to identify this set of rules box based on the name of the folder that you have selected. Accept the provided name or type a different name, and then click Next.

  9. On the Rule Preferences page, choose the conditions that you want the wizard to use while creating rules, and then click Next. For more information about rule conditions, see Understanding AppLocker Rule Condition Types.

Note

The Reduce the number of rules created by grouping similar files check box is selected by default. This helps you organize AppLocker rules and reduce the number of rules that you create by performing the following operations for the rule condition that you select:

  • One publisher condition is created for all files that have the same publisher and product name.

  • One path condition is created for the folder that you select. For example, if you select C:\Program Files\ProgramName\ and the files in that folder are not signed, the wizard creates a rule for %programfiles%\ProgramName\*. A path rule also allows any file that is placed in that folder later, so confirm that standard users cannot write to the folder before you accept a path condition.

  • One file hash condition is created that contains all of the file hashes. When rule grouping is disabled, the wizard creates a file hash rule for each file.

  10. Review the files that were analyzed and the rules that will be automatically created. To make changes, click Previous to return to the page where you can change your selections. After reviewing the rules, click Create.
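Both procedures above can also be carried out from the AppLocker Windows PowerShell module that ships with Windows 7 and Windows Server 2008 R2. The script below is an added example and is not part of this topic: it scans a folder the way the wizard does, creates publisher rules for signed files and file hash rules for unsigned ones (the wizard's default rule preferences), groups similar files into one rule as the Reduce the number of rules check box does, tests the result against the scanned files before it is imported, and then merges it into either a GPO (by LDAP path) or the local policy. The folder, rule name prefix and GPO LDAP path are placeholders; replace them with your own values.

```powershell
# Added example: PowerShell equivalent of the Automatically Generate Rules wizard.
# Run in an elevated session on a reference computer with the AppLocker module available.
Import-Module AppLocker

$Folder  = 'C:\Program Files\ProgramName'   # placeholder: folder to be analyzed
$Prefix  = 'ProgramName'                    # placeholder: "Name to identify this set of rules"
$Group   = 'Everyone'                       # user or group the generated rules apply to
# Placeholder LDAP path of the target GPO; set to $null to import into the local policy instead.
$GpoLdap = 'LDAP://DC1.contoso.com/CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=contoso,DC=com'
$Policy  = Join-Path $env:TEMP "$Prefix-applocker.xml"

# 1. Scan the folder for the file types the wizard handles
#    (Executable, Windows Installer and Script rule collections).
$files = Get-AppLockerFileInformation -Directory $Folder -Recurse -FileType Exe, WindowsInstaller, Script

# 2. Create the rules. Signed files get publisher rules, unsigned files get hash rules;
#    -Optimize merges files with the same publisher/product (or all hashes) into one rule,
#    which is what the "Reduce the number of rules" check box does. Hash is used instead of
#    Path for unsigned files so that nothing dropped into the folder later is allowed.
$files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User $Group -RuleNamePrefix $Prefix -Optimize -Xml |
    Out-File -FilePath $Policy -Encoding UTF8

# 3. Review before importing: every scanned file must be allowed by the new policy.
#    -Filter keeps only the decisions that indicate a gap in the generated rules.
$notCovered = Get-ChildItem -Path $Folder -Recurse -Include *.exe, *.com, *.msi, *.msp, *.ps1, *.bat, *.cmd, *.vbs, *.js |
    Test-AppLockerPolicy -XmlPolicy $Policy -User $Group -Filter Denied, DeniedByDefault

if ($notCovered) {
    $notCovered | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
    throw "Generated policy does not cover every file in $Folder; review the output above."
}

# 4. Import. -Merge keeps the rules already in the target policy (including the default
#    rules that allow the Windows system files) and adds the generated ones to them.
if ($GpoLdap) {
    Set-AppLockerPolicy -XmlPolicy $Policy -Ldap $GpoLdap -Merge
} else {
    Set-AppLockerPolicy -XmlPolicy $Policy -Merge
}

# 5. Show the AppLocker rules that are now effective on this computer.
Get-AppLockerPolicy -Effective -Xml
```

Step 3 is the equivalent of the wizard's review page: run it, and the Set-AppLockerPolicy call, only after the test returns no Denied or DeniedByDefault entries. Importing with -Merge into a GPO that does not yet contain the default rules does not create them; add them separately, as the wizard prompts you to, before the policy is enforced.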