Determining Group Policy Structure and Rule Enforcement
Updated: June 21, 2012
Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012
This overview topic describes the process for planning to deploy AppLocker rules.
You should review the following topics to learn how to structure AppLocker rules for the targeted business groups in your organization:
Understanding AppLocker Enforcement Settings
This topic describes the AppLocker enforcement settings for rule collections.
Understanding AppLocker Rules and Enforcement Setting Inheritance in Group Policy
This topic describes what you need to investigate, determine, and record in your application control policies plan.
When determining how many Group Policy Objects (GPOs) to create to apply an AppLocker policy in your organization, you should consider the following:
Whether you are creating new GPOs or using existing GPOs
Whether you are implementing both Software Restriction Policies (SRP) policies and AppLocker policies in the same GPO
GPO naming conventions
GPO size limits
Note
There is no default limit on the number of AppLocker rules that you can create. However, GPOs have a 2 MB size limit for performance. In Windows Server 2012 and Windows 8, that limit is raised to 100 MB.
After you have determined your Group Policy structure and rule enforcement, record your findings as explained in Document Group Policy Structure and AppLocker Rule Enforcement.