Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

DLL Rules in AppLocker


Updated: June 21, 2012

Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic describes the file formats and available default rules for the DLL rule collection.

AppLocker defines DLL rules to include only the following file formats:

  • .dll

  • .ocx

The following table lists the default rules that are available for the DLL rule collection.




Rule condition type

Allows members of the local Administrators group to run all DLLs

(Default Rule) All DLLs


Path: *

Allow all users to run DLLs in the Windows folder

(Default Rule) Microsoft Windows DLLs


Path: %windir%\*

Allow all users to run DLLs in the Program Files folder

(Default Rule) All DLLs located in the Program Files folder


Path: %programfiles%\*


If you use DLL rules, a DLL allow rule has to be created for each DLL that is used by all of the allowed applications.


When DLL rules are used, AppLocker must check each DLL that an application loads. Therefore, users may experience a reduction in performance if DLL rules are used.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft