Create Your AppLocker Rules

Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.

Creating AppLocker rules

AppLocker rules apply to the targeted application, and they are the components that make up the AppLocker policy. Depending on your IT environment and the business group that requires application control policies, setting these access rules for each application can be time-consuming and prone to error. With AppLocker, you can generate rules automatically or create rules individually. Creating rules that are derived from your planning document can help you avoid unintended results. For information about this planning document and other planning activities, see AppLocker Policies Design Guide.

Automatically generate your rules

You can use a reference computer to automatically create a set of default rules for each of the installed applications, test and modify each rule as necessary, and deploy the policies. Creating most of the rules for all the installed applications gives you a starting point to build and test your policies. For information about performing this task, see the following topics:

• Configure the AppLocker Reference Computer

• Run the Automatically Generate Rules Wizard

• Create AppLocker Default Rules

• Edit AppLocker Rules

• Configure Exceptions for an AppLocker Rule

Create your rules individually

You can create rules and set the mode to Audit only for each installed application, test and update each rule as necessary, and then deploy the policies. Creating rules individually might be best when you are targeting a small number of applications within a business group.

For information about performing this task, see:

1. Create a Rule That Uses a Publisher Condition

2. Create a Rule That Uses a Path Condition

3. Create a Rule That Uses a File Hash Condition

4. Edit AppLocker Rules

5. Enforce AppLocker Rules

6. Configure an AppLocker Policy for Audit Only

About selecting rules

AppLocker policies are composed of distinct rules for specific applications. These rules are grouped by collection, and they are implemented through an AppLocker policy definition. AppLocker policies are managed by using Group Policy or by using the Local Security Policy snap-in for a single computer.

When you determine what types of rules to create for each of your business groups or organizational units (OUs), you should also determine what enforcement setting to use for each group. Certain rule types are more applicable for some applications, depending on how the applications are deployed in a specific business group.

For information about how to determine and document your AppLocker rules, see AppLocker Policies Design Guide.

For information about AppLocker rules and AppLocker policies, see the following topics:

• Understanding AppLocker Rule Behavior

• Understanding AppLocker Rule Exceptions

• Understanding AppLocker Rule Collections

• Understanding AppLocker Allow and Deny Actions on Rules

• Understanding AppLocker Rule Condition Types

• Understanding AppLocker Default Rules

Next steps

1. Import an AppLocker Policy into a GPO

2. Import an AppLocker Policy from Another Computer

3. Test and Update an AppLocker Policy

4. Deploy the AppLocker Policy into Production

See Also

Create Your AppLocker Policies