Create AppLocker Default Rules

Applies To: Windows 7, Windows Server 2008 R2

This topic describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.

AppLocker includes default rules for each rule collection. These rules are intended to help ensure that the files that are required for Windows to operate properly are allowed to run.


You can use the default rules as a template when creating your own rules to allow files within the Windows folders to run. However, these rules are only meant to function as a starter policy when you are first testing AppLocker rules. The default rules can be modified in the same way as other AppLocker rule types.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To create default rules

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, and then double-click AppLocker.

  4. Right-click the rule type for which you want to automatically generate default rules. Default rules can be generated automatically for executable, Windows Installer, and script rules.

  5. Click Create Default Rules.
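
To confirm what Create Default Rules produced, the following added example (not part of the original topic) summarizes the rules in an AppLocker policy and reports which of the three rule collections named in step 4 still have no Allow rule. The sample XML, its rule name and its GUID are constructed, and Get-AppLockerRuleSummary is a hypothetical helper name.

```powershell
# Added example, not from the original topic. On a real computer, load the
# local policy instead of the sample:
#   Import-Module AppLocker; [xml]$policy = Get-AppLockerPolicy -Local -Xml
# Constructed sample policy: rule names and GUIDs are placeholders.
[xml]$policy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="NotConfigured">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Sample: Windows folder"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@

# Hypothetical helper: one output object per rule in every rule collection.
function Get-AppLockerRuleSummary {
    param([Parameter(Mandatory = $true)][xml]$PolicyXml)
    foreach ($collection in $PolicyXml.SelectNodes('/AppLockerPolicy/RuleCollection')) {
        # A collection can hold path, publisher and hash rules.
        $rules = $collection.SelectNodes('FilePathRule|FilePublisherRule|FileHashRule')
        foreach ($rule in $rules) {
            $paths = @($rule.SelectNodes('Conditions/FilePathCondition') |
                ForEach-Object { $_.GetAttribute('Path') })
            New-Object PSObject -Property @{
                Collection  = $collection.GetAttribute('Type')
                Enforcement = $collection.GetAttribute('EnforcementMode')
                Action      = $rule.GetAttribute('Action')
                Sid         = $rule.GetAttribute('UserOrGroupSid')
                Name        = $rule.GetAttribute('Name')
                Paths       = $paths -join '; '
            }
        }
    }
}

$summary = @(Get-AppLockerRuleSummary -PolicyXml $policy)
$summary | Format-Table Collection, Enforcement, Action, Sid, Name, Paths -AutoSize

# The procedure covers executable, Windows Installer and script rules.
# Report any of those collections that still has no Allow rule.
foreach ($type in 'Exe', 'Msi', 'Script') {
    $allow = @($summary | Where-Object { $_.Collection -eq $type -and $_.Action -eq 'Allow' })
    if ($allow.Count -eq 0) { Write-Warning "No Allow rules in the $type rule collection." }
}
```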