Enforce AppLocker Rules

Applies To: Windows Server 2008 R2

After AppLocker rules are created, you can enforce the rules.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To enforce rules

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER. You can also:

    1. Click Start, and then click Control Panel.

    2. Click System and Security, and then click Administrative Tools.

    3. Double-click Local Security Policy.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, right-click AppLocker, and then click Properties.

  4. On the Enforcement tab, select the Configured check box for the rule collection that you want to enforce, and then verify that Enforce rules is selected in the list for that rule collection.

  5. Repeat step 4 to configure enforcement for additional rule collections.

  6. Click OK.

Because the DLL rule collection is not enabled by default, you must perform the following procedure before you can create and enforce DLL rules.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To enable the DLL rule collection

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER. You can also:

    1. Click Start, and then click Control Panel.

    2. Click System and Security, and then click Administrative Tools.

    3. Double-click Local Security Policy.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, right-click AppLocker, and then click Properties.

  4. Click the Advanced tab, select the Enable the DLL rule collection check box, and then click OK.

Important

Before you enforce DLL rules, make sure that there are allow rules for each DLL that is used by any of the allowed applications.
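To confirm the result of both procedures from PowerShell, the following added example (not part of the original documentation) reports the enforcement setting and allow-rule count for each rule collection in an AppLocker policy XML. The function name Get-AppLockerEnforcementReport and the sample policy, including its rule ID, are constructed for illustration. On a live system the XML comes from the AppLocker module's Get-AppLockerPolicy cmdlet.

```powershell
# Constructed sample policy so the example runs offline. On a live system use:
#   Import-Module AppLocker
#   [xml]$policy = Get-AppLockerPolicy -Effective -Xml
[xml]$policy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Constructed: Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="AuditOnly" />
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Dll" EnforcementMode="Enabled" />
</AppLockerPolicy>
'@

# Hypothetical helper: one output row per rule collection in the policy.
function Get-AppLockerEnforcementReport {
    param([Parameter(Mandatory = $true)][xml]$PolicyXml)

    foreach ($collection in $PolicyXml.AppLockerPolicy.RuleCollection) {
        # Rule elements (publisher, path, hash) all carry an Action attribute.
        $rules = @($collection.SelectNodes('*[@Action]'))
        $allow = @($rules | Where-Object { $_.Action -eq 'Allow' })

        $note = ''
        if ($collection.EnforcementMode -eq 'AuditOnly') {
            $note = 'Audit only is selected, not Enforce rules'
        }
        elseif ($collection.EnforcementMode -ne 'Enabled') {
            $note = 'Configured check box is not selected for this collection'
        }
        elseif ($collection.Type -eq 'Dll' -and $allow.Count -eq 0) {
            # Matches the Important note: DLL rules enforced with no allow rules.
            $note = 'DLL rules enforced without any allow rule; add allow rules first'
        }

        New-Object PSObject -Property @{
            Collection  = $collection.Type
            Enforcement = $collection.EnforcementMode
            AllowRules  = $allow.Count
            Note        = $note
        }
    }
}

Get-AppLockerEnforcementReport -PolicyXml $policy |
    Select-Object Collection, Enforcement, AllowRules, Note |
    Format-Table -AutoSize
```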
