Create Your AppLocker rules

This article for the IT professional describes what you need to know about AppLocker rules and the methods used to create rules.

Creating AppLocker rules

AppLocker rules control what apps run in your organization. Depending on the complexity of your organization's application requirements, managing these application control rules can be time-consuming and error prone. With AppLocker, you can generate rules automatically or create rules individually. Creating rules that are derived from your planning document can help you avoid unintended results. For info about this planning document and other planning activities, see AppLocker Design Guide.

Automatically generate your rules

You can use a reference device to automatically create a set of default rules for each of the installed apps, test and modify each rule as necessary, and deploy the policies. Creating rules for all installed apps gives you a starting point to build and test your policies. For info about performing this task, see the following articles:

Create your rules individually

Creating rules individually might be best when you're managing a few applications within a business group.

Note

The AppLocker wizards can generate default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed in an AppLocker rule collection. You can also edit the default rules. For information about creating the default rules for the Windows operating system, see Create AppLocker default rules.

For information about performing this task, see:

  1. Create a rule that uses a publisher condition
  2. Create a rule that uses a path condition
  3. Create a rule that uses a file hash condition
  4. Edit AppLocker rules
  5. Enforce AppLocker rules
  6. Configure an AppLocker policy for audit only

About selecting rules

AppLocker policies are composed of rules to allow or deny specific app files. These rules are grouped into rule collections, and they're implemented through an AppLocker policy definition. AppLocker policies are managed by using Group Policy or by using the Local Security Policy snap-in for a single computer.

For info about how to determine and document your AppLocker rules, see AppLocker Design Guide.

For info about AppLocker rules and AppLocker policies, see the following articles:

Next steps

  1. Import an AppLocker policy into a GPO
  2. Import an AppLocker policy from another computer
  3. Test and update an AppLocker policy
  4. Deploy the AppLocker policy into production