Delete an AppLocker rule
- Windows 10
- Windows 11
- Windows Server 2016 and above
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Windows Defender Application Control feature availability.
This article for IT professionals describes the steps to delete an AppLocker rule.
As older apps are retired and new apps are deployed in your organization, it will be necessary to modify the application control policies. If an app becomes unsupported by the IT department or is no longer allowed due to the organization's security policy, then deleting the rule or rules associated with that app will prevent the app from running.
For info about testing an AppLocker policy to see what rules affect which files or applications, see Test an AppLocker policy by Using Test-AppLockerPolicy.
You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see Administer AppLocker.
These steps apply only for locally managed devices. If the device has AppLocker policies applied by using MDM or a GPO, the local policy will not override those settings.
To delete a rule in an AppLocker policy
- Open the AppLocker console.
- Click the appropriate rule collection for which you want to delete the rule.
- In the details pane, right-click the rule to delete, click Delete, and then click Yes.
- When using Group Policy, the Group Policy Object must be distributed or refreshed for rule deletion to take effect on devices.
- Application Identity service needs to be running for deleting Applocker rules. If you disable Applocker and delete Applocker rules, make sure to stop the Application Identity service after deleting Applocker rules. If the Application Identity service is stopped before deleting Applocker rules, and if Applocker blocks apps that are disabled, delete all of the files at
When the following procedure is performed on the local device, the AppLocker policy takes effect immediately.
To clear AppLocker policies on a single system or remote systems
Use the Set-AppLockerPolicy cmdlet with the -XMLPolicy parameter, using an .XML file that contains the following contents:
<AppLockerPolicy Version="1"> <RuleCollection Type="Exe" EnforcementMode="NotConfigured" /> <RuleCollection Type="Msi" EnforcementMode="NotConfigured" /> <RuleCollection Type="Script" EnforcementMode="NotConfigured" /> <RuleCollection Type="Dll" EnforcementMode="NotConfigured" /> <RuleCollection Type="Appx" EnforcementMode="NotConfigured" /> </AppLockerPolicy>
To use the Set-AppLockerPolicy cmdlet, first import the AppLocker modules:
PS C:\Users\Administrator> import-module AppLocker
We will create a file (for example, clear.xml), place it in the same directory where we are executing our cmdlet, and add the preceding XML contents. Then run the following command:
C:\Users\Administrator> Set-AppLockerPolicy -XMLPolicy .\clear.xml
This will remove all AppLocker Policies on a machine and could be potentially scripted to use on multiple machines using remote execution tools with accounts with proper access.