Tools to Use with AppLocker
Updated: June 21, 2012
Applies To: Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8
This topic for the IT professional describes the tools available to create and administer AppLocker policies.
The following tools can help you administer the application control policies created by using AppLocker on the local computer or by using Group Policy. For information about the basic requirements for using AppLocker, see Requirements to Use AppLocker.
AppLocker Local Security Policy MMC snap-in
The AppLocker rules can be maintained by using the Local Security Policy snap-in (secpol.msc) of the Microsoft Management Console (MMC). For procedures to create, modify, and delete AppLocker rules, see Working with AppLocker Rules.
Generate Default Rules tool
AppLocker includes default rules for each rule collection accessed through the Local Security Policy snap-in. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. For information about how to use this tool, see Create AppLocker Default Rules.
Automatically Generate AppLocker Rules wizard
By using the Local Security Policy snap-in, you can automatically generate rules for all files within a folder. The wizard will scan the specified folder and create the condition types that you choose for each file in that folder. For information about how to use this wizard, see Run the Automatically Generate Rules Wizard.
You can edit an AppLocker policy by adding, changing, or removing rules by using the Group Policy Management Console (GPMC).
If you want additional features to manage AppLocker policies, such as version control, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more information about Advanced Group Policy Management, see Advanced Group Policy Management Overview (http://go.microsoft.com/fwlink/?LinkId=145013).
Remote Server Administration Tools (RSAT)
You can use a computer with a supported operating system that has the Remote Server Administration Tools (RSAT) installed to create and maintain AppLocker policies. To download RSAT, see Remote Server Administration Tools for Windows 7 (http://go.microsoft.com/fwlink/?LinkID=153874) or Remote Server Administration Tools for Windows 8.
The AppLocker log contains information about applications that are affected by AppLocker rules. For information about using Event Viewer to review the AppLocker logs, see Using Event Viewer with AppLocker, and View the AppLocker Log in Event Viewer.
AppLocker PowerShell cmdlets
The AppLocker Windows PowerShell cmdlets are designed to streamline the administration of AppLocker policy. They can be used to help create, test, maintain, and troubleshoot an AppLocker policy. The cmdlets are intended to be used in conjunction with the AppLocker user interface that is accessed through the Local Security Policy snap-in and the GPMC. For information about the cmdlets, see the AppLocker PowerShell Command Reference.