Requirements to use AppLocker
Note
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Windows Defender Application Control feature availability.
This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
General requirements
To use AppLocker, you need:
- A device running a supported operating system to create the rules. The computer can be a domain controller.
- For Group Policy deployment, at least one device with the Group Policy Management Console (GPMC) or Remote Server Administration Tools (RSAT) installed to host the AppLocker rules.
- Devices running a supported operating system to enforce the AppLocker rules that you create.
Note
As of KB 5024351, Windows 10 versions 2004 and newer and all Windows 11 versions no longer require a specific edition of Windows to enforce AppLocker policies
Operating system requirements
The following table shows the Windows versions on which AppLocker features are supported.
| Version | Can be configured | Can be enforced | Available rules | Notes |
|---|---|---|---|---|
| Windows 10 and Windows 11 | Yes | Yes | Packaged apps Executable Windows Installer Script DLL |
Policies are supported on all editions Windows 10 version 2004 and newer with KB 5024351. Windows versions older than version 2004, including Windows Server 2019:
|
| Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 |
Yes | Yes | Packaged apps Executable Windows Installer Script DLL |
|
| Windows 8.1 Pro | Yes | No | N/A | |
| Windows 8.1 Enterprise | Yes | Yes | Packaged apps Executable Windows Installer Script DLL |
|
| Windows RT 8.1 | No | No | N/A | |
| Windows 8 Pro | Yes | No | N/A | |
| Windows 8 Enterprise | Yes | Yes | Packaged apps Executable Windows Installer Script DLL |
|
| Windows RT | No | No | N/A | |
| Windows Server 2008 R2 Standard | Yes | Yes | Executable Windows Installer Script DLL |
Packaged app rules won't be enforced. |
| Windows Server 2008 R2 Enterprise | Yes | Yes | Executable Windows Installer Script DLL |
Packaged app rules won't be enforced. |
| Windows Server 2008 R2 Datacenter | Yes | Yes | Executable Windows Installer Script DLL |
Packaged app rules won't be enforced. |
| Windows Server 2008 R2 for Itanium-Based Systems | Yes | Yes | Executable Windows Installer Script DLL |
Packaged app rules won't be enforced. |
| Windows 7 Ultimate | Yes | Yes | Executable Windows Installer Script DLL |
Packaged app rules won't be enforced. |
| Windows 7 Enterprise | Yes | Yes | Executable Windows Installer Script DLL |
Packaged app rules won't be enforced. |
| Windows 7 Professional | Yes | No | Executable Windows Installer Script DLL |
No AppLocker rules are enforced. |
AppLocker isn't supported on versions of the Windows operating system not listed above. Software Restriction Policies can be used with those versions. However, the SRP Basic User feature isn't supported on the above operating systems.
Note
You can use Software Restriction Policies with AppLocker, but with some limitations. For more info, see Use AppLocker and Software Restriction Policies in the same domain.
See also
Feedback
Submit and view feedback for