Create an AppLocker Rule

Applies To: Windows Server 2008 R2

You can create new rules by using the Create Rules Wizard.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To create a new rule

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER. You can also:

    1. Click Start, and then click Control Panel.

    2. Click System and Security, and then click Administrative Tools.

    3. Double-click Local Security Policy.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, and then double-click AppLocker.

  4. Right-click the rule collection for which you want to create the rule, and then click Create New Rule.

  5. On the Before You Begin page, click Next.

  6. Click Allow or Deny to allow or deny the files contained within the rule.

  7. Click Select. In the Select User or Group box, type the appropriate security group or user, and then click OK.

  8. Click Next.

  9. Click the appropriate rule condition for this rule. You can choose from Publisher, Path, or File hash, and then click Next.

  10. Depending on the rule condition you selected, you are asked for different criteria:

    • Publisher rule condition. Click Browse to select the file for which you want to extract the publisher information. To edit the publisher information, select the Use custom values check box, and then edit the values. Click Next.

    • Path rule condition. Navigate to the file or folder by clicking Browse Folders or Browse Files. Optionally, you can type the path into the Path box. Click Next.

    • File hash rule condition. Navigate to the file or folder by clicking Browse Folders or Browse Files. Click Next.

  11. (Optional) On the Exceptions page, specify the publisher or path that you want to exclude from the rule, and then click Next.

Note

You cannot create exceptions for file hash rules.

  1. In the Name box, type a name that you can use to identify the rule.

  2. In the Description box, type a description that explains the purpose of this rule.

  3. Click Create.

Additional references