Enable the DLL Rule Collection


Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8

This topic describes the steps to enable the DLL rule collection feature for AppLocker in Windows Server 2012 and Windows 8.

The DLL rule collection includes the .dll and .ocx file formats.

For information about these rules, see DLL Rules in AppLocker.

You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For information how to use these MMC snap-ins to administer AppLocker, see Using the MMC snap-ins to administer AppLocker.

To enable the DLL rule collection

  1. In the console tree in the snap-in, double-click Application Control Policies, right-click AppLocker, and then click Properties.

  2. Click the Advanced tab, select the Enable the DLL rule collection check box, and then click OK.


    Before you enforce DLL rules, make sure that there are allow rules for each DLL that is used by any of the allowed applications.