AppLocker in Windows Server 2016: Rule Types & Uses

Instructor: Muhamad Nur Ikmal bin Mohd Said

Muhamad Nur Ikmal bin Mohd Said has a Malaysia Skills and Vocational Diploma in Computer System and Networking with years of enhanced soft-skills and hands-on experience.

In this lesson, you'll learn about the use of AppLocker in Windows Server, how it works and its rule types. We'll also be exploring the ways to create different types of AppLocker rules within the Group Policy Management Editor using the AppLocker tool.

What Is AppLocker?

AppLocker is a security feature that prevents users from running unknown files on their computer. It is available for Windows 7 and Windows Server 2008 R2 or later. AppLocker plays an important role in protecting users against computer threats that are commonly distributed through files from unknown sources.

How AppLocker Works

AppLocker works by using a set of rules created by the system administrator on the client computer or through Group Policy Management in Active Directory Domain Services.

  • These rules determine which file types users can run and where they can be run from.
  • If a user attempts to run an unknown file, AppLocker will block the file from running.
  • AppLocker also works for folders, which allows system administrators to create custom rules for their needs.

Types of AppLocker Rules


  • Executable rules: Applicable to executable files like EXE files.
  • Windows installer rules: Applicable to files that are used for software installation like MSI files.
  • Script rules: Applicable to scripts like BAT files.
  • Packaged app rules: Applicable to APPX files obtained from Windows Store.

Types of AppLocker Conditions

  • Publisher: Allows or denies users running applications that are digitally signed by the software publisher.
  • Path: Allows or denies users running files inside a specific folder.
  • File Hash: Allows or denies users running files based on the hash that AppLocker calculates for each file to authenticate it.

Creating AppLocker Rules

For this lesson, we will use the Active Directory domain example.com in Windows Server 2016 to create AppLocker rules.

Accessing the Group Policy Management

  • On the Desktop, click Start to open the Start Menu.
  • Find and click the Server Manager icon.
  • Click on Tools and select Group Policy Management.

Accessing AppLocker

  • On the Group Policy Management, select the Group Policy Objects folder. Right-click and select New to create a new Group Policy Object (GPO). Name it AppLocker and click OK.
  • Right-click on the AppLocker item and select Edit.
  • On the Group Policy Management Editor, select Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker.

Setting Up AppLocker

  • Enable AppLocker rule enforcement by clicking the Configure rule enforcement link.
  • On the Enforcement tab inside the AppLocker Properties, tick the box next to Configured to enable it. Enable all the items, set them to Enforce rules and click OK to save the settings.

Creating Default AppLocker Rules

The default rules allow all users to run files in Program Files and Windows system folders only. However, administrators are allowed to run any file anywhere in the system.

  • On the left side of Group Policy Management Editor, right-click on either Executable Rules, Windows Installer Rules, Script Rules or Packaged App Rules under AppLocker and select Create Default Rules.
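To confirm on a client computer that the enforcement settings and default rules above have taken effect, the check can be scripted. This is an added example, not part of the original lesson; it assumes an elevated Windows PowerShell session on a machine that receives the GPO. AppLocker only enforces rules while the Application Identity service (AppIDSvc) is running, so that is checked first.

```powershell
# Added example: verify AppLocker enforcement on a client that receives the GPO.
Import-Module AppLocker

# 1. Rules are evaluated only while the Application Identity service runs.
Get-Service -Name AppIDSvc | Select-Object Name, Status

# 2. Enforcement mode and rule count per rule collection (Exe, Msi, Script,
#    Appx) in the policy that is actually in effect on this computer.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$policy.AppLockerPolicy.RuleCollection |
    Select-Object Type, EnforcementMode,
        @{ Name = 'RuleCount'; Expression = { $_.ChildNodes.Count } }

# 3. Recent AppLocker decisions from the event logs.
#    8003 / 8006 = would have been blocked (audit only)
#    8004 / 8007 = blocked (rules enforced)
$logs = @(
    @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL';    Id = 8003, 8004 }
    @{ LogName = 'Microsoft-Windows-AppLocker/MSI and Script'; Id = 8006, 8007 }
)
foreach ($filter in $logs) {
    Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}
```

An EnforcementMode of Enabled corresponds to Enforce rules in the dialog; AuditOnly logs what would have been blocked without blocking it.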

Creating AppLocker Rules Automatically

AppLocker's automatic rules creation can be used if you want to add rules for multiple files in a folder.

  • On the left side of Group Policy Management Editor, right-click on either Executable Rules, Windows Installer Rules, Script Rules or Packaged App Rules under AppLocker and select Automatically Generate Rules....
  • From the wizard, you can select which users or groups are affected by the rules, browse and select the folder involved, and create a name for the set of rules. Then, click Next.
  • On the Rule Preferences screen, you can either create a Publisher rule for signed files with File Hash/Path rules for unsigned files or create a File Hash rule for all files in the specified folder.
  • You can also tick the Reduce the number of rules created by grouping similar files checkbox to group similar files into a few rules. Then, click Next.
  • On the Review Rules screen, you can check the rules that will be created. You can also review the files that were analyzed as well as view the rules that are created automatically. Finally, click Create.
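The same wizard steps can be carried out with the AppLocker PowerShell cmdlets, which also lets you test the generated rules before they reach the GPO. This is an added example, not part of the original lesson; the folder `C:\Program Files\ExampleApp` and the output file name are hypothetical, and it assumes the AppLocker and GroupPolicy modules are available in an elevated session on a domain-joined management machine.

```powershell
# Added example, not from the lesson. Folder and file names are hypothetical.
Import-Module AppLocker, GroupPolicy

$folder  = 'C:\Program Files\ExampleApp'            # hypothetical folder to analyze
$xmlPath = Join-Path $env:TEMP 'ExampleApp-rules.xml'

# Analyze every EXE in the folder (wizard: browse and select the folder).
$files = Get-AppLockerFileInformation -Directory $folder -Recurse -FileType Exe

# Publisher rules for signed files, File Hash rules as the fallback for
# unsigned ones; -Optimize groups similar files into fewer rules.
$files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'ExampleApp' -Optimize -Xml |
    Out-File -FilePath $xmlPath

# Review step: evaluate the generated rules against the same files before
# anything is deployed. Any decision other than Allowed needs a closer look.
$exePaths = (Get-ChildItem -Path $folder -Recurse -Filter *.exe).FullName
$results  = Test-AppLockerPolicy -XmlPolicy $xmlPath -Path $exePaths -User Everyone
$results | Group-Object PolicyDecision | Select-Object Name, Count
$results | Where-Object PolicyDecision -ne 'Allowed' |
    Select-Object FilePath, PolicyDecision, MatchingRule

# Merge the rules into the GPO named "AppLocker" created earlier in the lesson.
# -Merge keeps the rules already in the GPO instead of replacing them.
$gpo = Get-GPO -Name 'AppLocker'
Set-AppLockerPolicy -XmlPolicy $xmlPath -Ldap "LDAP://$($gpo.Path)" -Merge
```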

Manually Creating AppLocker Rules

Creating AppLocker rules manually gives you more control over the rules that are created.
