Administer AppLocker

Applies to

  • Windows 10
  • Windows 11
  • Windows Server 2016 and above

Note

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Windows Defender Application Control feature availability.

This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.

AppLocker helps administrators control how users can access and use files, such as executable files, packaged apps, scripts, Windows Installer files, and DLLs. Using AppLocker, you can:

  • Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules based on the publisher attribute that is persistent through updates, or you can create rules for a specific version of a file.
  • Assign a rule to a security group or an individual user.
  • Create exceptions to rules. For example, you can create a rule that allows all Windows processes to run, except Registry Editor (regedit.exe).
  • Use audit-only mode to deploy the policy and understand its impact before enforcing it.
  • Import and export rules. Import and export affect the entire policy. For example, if you export a policy, all of the rules from all of the rule collections are exported, including the enforcement settings for the rule collections. If you import a policy, the existing policy is overwritten.
  • Simplify creating and managing AppLocker rules by using AppLocker PowerShell cmdlets.

    Note: For more info about enhanced capabilities of AppLocker to control Windows apps, see Packaged apps and packaged app installer rules in AppLocker.

In this section

| Topic | Description |
| --- | --- |
| Maintain AppLocker policies | This topic describes how to maintain rules within AppLocker policies. |
| Edit an AppLocker policy | This topic for IT professionals describes the steps required to modify an AppLocker policy. |
| Test and update an AppLocker policy | This topic discusses the steps required to test an AppLocker policy prior to deployment. |
| Deploy AppLocker policies by using the enforce rules setting | This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method. |
| Use the AppLocker Windows PowerShell cmdlets | This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies. |
| Use AppLocker and Software Restriction Policies in the same domain | This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. |
| Optimize AppLocker performance | This topic for IT professionals describes how to optimize AppLocker policy enforcement. |
| Monitor app usage with AppLocker | This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied. |
| Manage packaged apps with AppLocker | This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy. |
| Working with AppLocker rules | This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies. |
| Working with AppLocker policies | This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies. |

Using the MMC snap-ins to administer AppLocker

You can administer AppLocker policies by using the Group Policy Management Console to create or edit a Group Policy Object (GPO). To create or edit an AppLocker policy on a local computer, use the Local Group Policy Editor snap-in or the Local Security Policy snap-in (secpol.msc).

Administer AppLocker using Group Policy

You must have Edit Setting permission to edit a GPO. By default, members of the Domain Admins group, the Enterprise Admins group, and the Group Policy Creator Owners group have this permission. Also, the Group Policy Management feature must be installed on the computer.

  1. Open the Group Policy Management Console (GPMC).
  2. Locate the GPO that contains the AppLocker policy to modify, right-click the GPO, and then click Edit.
  3. In the console tree, double-click Application Control Policies, double-click AppLocker, and then click the rule collection that you want to create the rule for.

Administer AppLocker on the local PC

  1. Click Start, type local security policy, and then click Local Security Policy.
  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.
  3. In the console tree of the snap-in, double-click Application Control Policies, double-click AppLocker, and then click the rule collection that you want to create the rule for.

Using Windows PowerShell to administer AppLocker

For how-to info about administering AppLocker with Windows PowerShell, see Use the AppLocker Windows PowerShell Cmdlets. For reference info and examples of how to administer AppLocker with Windows PowerShell, see the AppLocker cmdlets.
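
The following added example (not part of the original Microsoft topic) ties together two points from the capability list above: importing a policy overwrites the existing one, and audit-only mode lets you gauge impact before enforcing. It backs up the local policy, refuses to import a candidate that is not audit-only, previews what the candidate would deny, and then imports it. The three file and folder paths are assumptions.

```powershell
# Added example. Paths are assumptions; adjust them for your environment.
Import-Module AppLocker

$backupPath    = 'C:\AppLockerStaging\local-policy-backup.xml'  # assumed location
$candidatePath = 'C:\AppLockerStaging\candidate-policy.xml'     # assumed: policy exported elsewhere
$sampleFolder  = 'C:\Program Files'                             # assumed: apps to test against

# 1. Export the current local policy. The export holds every rule collection and
#    its enforcement setting, so this one file is a complete rollback point.
Get-AppLockerPolicy -Local -Xml | Out-File -FilePath $backupPath

# 2. Stop unless every rule collection that contains rules is audit-only.
#    A collection left as NotConfigured still enforces any rules it holds.
[xml]$candidate = Get-Content -Path $candidatePath -Raw
$enforcing = @($candidate.AppLockerPolicy.RuleCollection |
    Where-Object { $_.HasChildNodes -and $_.EnforcementMode -ne 'AuditOnly' })
if ($enforcing.Count -gt 0) {
    $names = ($enforcing | ForEach-Object { $_.Type }) -join ', '
    throw "Not audit-only, refusing to import: $names"
}

# 3. List the executables the candidate's rules would not allow for Everyone.
$files = @(Get-ChildItem -Path $sampleFolder -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName)
if ($files.Count -gt 0) {
    Test-AppLockerPolicy -XmlPolicy $candidatePath -Path $files -User Everyone -Filter Denied, DeniedByDefault |
        Select-Object FilePath, PolicyDecision, MatchingRule |
        Format-Table -AutoSize
}

# 4. Import. Without -Merge this overwrites the whole local policy.
Set-AppLockerPolicy -XmlPolicy $candidatePath

# Rollback: Set-AppLockerPolicy -XmlPolicy $backupPath
```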