Creating Your AppLocker Rules

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This topic describes what you need to know about AppLocker rules and the different methods to create rules.

Creating AppLocker rules

AppLocker rules apply to the targeted application and are the components that make up the AppLocker policy. Depending on your IT environment and the business group requiring application control policies, setting these access rules for each application can be time-consuming and prone to error. With AppLocker, you can create rules by using either of the following methods. Whichever method you use, deriving the rules from your planning document helps you avoid unintended results. For information about this planning document and other planning activities, see AppLocker Policies Design Guide.

Automatically generate your rules

With a reference computer, you can automatically create a set of default rules for each of the installed applications, test and modify each rule as necessary, and deploy the policies. Creating most of the rules for all the installed applications gives you a starting point to build and test your policies. For information about performing this task, see the following:

Create your rules individually

You can create rules and set the mode to audit only for each of the installed applications, test and update each rule as necessary, and then deploy the policies. Creating rules individually might be best when you are targeting a small number of applications within a business group.
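The following is an added example, not part of the original topic, showing how the two methods above look with the AppLocker PowerShell cmdlets on a reference computer: rules are generated from installed files, every rule collection is set to audit only, and the result is tested before it is applied. The scan directory, output path, and rule name prefix are assumptions chosen for illustration.

```powershell
# Added example. $scanRoot, $policyXml and the 'RefPC' prefix are assumed values.
Import-Module AppLocker

$scanRoot  = 'C:\Program Files'             # where the reference computer's applications live (assumed)
$policyXml = 'C:\Temp\AppLocker-Audit.xml'  # where the generated policy is written (assumed)

# 1. Collect publisher, hash and path information for executables and scripts.
$fileInfo = Get-AppLockerFileInformation -Directory $scanRoot -Recurse -FileType Exe, Script

# 2. Generate rules. Publisher rules are preferred; unsigned files fall back to hash rules.
#    -Optimize groups similar files into fewer rules; -Xml returns the policy as a string.
$xmlText = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
                        -RuleNamePrefix 'RefPC' -Optimize `
                        -IgnoreMissingFileInformation -Xml

# 3. Set every rule collection to audit only so nothing is blocked while testing.
$doc = [xml]$xmlText
foreach ($collection in @($doc.AppLockerPolicy.RuleCollection)) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$doc.Save($policyXml)

# 4. Check the policy against the same files and list anything it would not allow.
$exePaths = Get-ChildItem -Path $scanRoot -Recurse -Include *.exe -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName
Test-AppLockerPolicy -XmlPolicy $policyXml -Path $exePaths -User Everyone `
                     -Filter Denied, DeniedByDefault |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Merge the audit-only policy into the local policy of this single computer.
#    The Application Identity service (AppIDSvc) must be running for rules to be evaluated.
Set-AppLockerPolicy -XmlPolicy $policyXml -Merge
```

Step 4 should return nothing for the scanned files if the generated rules cover them; any file listed there needs its own rule before the policy leaves audit only.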

Note

AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. For information about creating the default rules for the Windows operating system, see:

You can edit the default rules.

For information about performing this task, see:

About selecting rules

AppLocker policies are composed of distinct rules for specific applications. These rules are grouped by collection and implemented through an AppLocker policy definition. AppLocker policies are managed either by using Group Policy or by using the Local Security Policy snap-in for a single computer.

When determining what types of rules to create for each of your business groups or organizational units (OUs), you should also determine what enforcement setting to use for each group. Different rule types are more applicable for some applications, depending on the way that the applications are deployed in a specific business group.

For information about how to determine and document your AppLocker rules, see AppLocker Policies Design Guide.

For information about AppLocker rules and AppLocker policies, see the following topics:

Next steps

  1. Testing and Updating an AppLocker Policy

  2. Deploying the AppLocker Policy into Production

See Also

Concepts

Creating Your AppLocker Policies