Share via


Edit an AppLocker Rule

Applies To: Windows Server 2008 R2

You can use AppLocker to edit rules that you have created.

Editing a publisher rule

The following procedure describes how to edit a publisher rule.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To edit a publisher rule

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER. You can also:

    1. Click Start, and then click Control Panel.

    2. Click System and Security, and then click Administrative Tools.

    3. Double-click Local Security Policy.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, and then double-click AppLocker.

  4. Click the appropriate rule collection.

  5. In the Action pane, right-click the publisher rule, and then click Properties.

  6. Click the appropriate tab to edit the rule properties.

    • Click the General tab to change the rule name, add a rule description, configure whether the rule is used to allow or deny applications, and set the security group for which this rule should apply.

    • Click the Publisher tab to configure the certificate's common name, the product name, the file name, or file version of the publisher.

    • Click the Exceptions tab to create or edit exceptions.

    • When you finish updating the rule, click OK.

Editing a file hash rule

The following procedure describes how to edit a hash rule.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To edit a file hash rule

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER. You can also:

    1. Click Start, and then click Control Panel.

    2. Click System and Security, and then click Administrative Tools.

    3. Double-click Local Security Policy.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, and then double-click AppLocker.

  4. Choose the appropriate rule collection.

  5. In the Action pane, right-click the file hash rule, and then click Properties.

  6. Click the appropriate tab to edit the rule properties.

    • Click the General tab to change the rule name, add a rule description, configure whether the rule is used to allow or deny applications, and set the security group in which this rule should apply.

    • Click the File Hash tab to configure the files that should be used to enforce the rule. You can use the Browse Files button to add a specific file or the Browse Folders button to add all files in a specified folder.

    • When you finish updating the rule, click OK.

Editing a path rule

The following procedure describes how to edit a path rule.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To edit a path rule

  1. Click Start, type secpol.msc in the Search programs and files box, and then press ENTER. You can also:

    1. Click Start, and then click Control Panel.

    2. Click System and Security, and then click Administrative Tools.

    3. Double-click Local Security Policy.

  2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Yes.

  3. In the console tree, double-click Application Control Policies, and then double-click AppLocker.

  4. Choose the appropriate rule collection.

  5. In the Action pane, right-click the path rule, and then click Properties.

  6. Click the appropriate tab to edit the rule properties.

    • Click the General tab to change the rule name, add a rule description, configure whether the rule is used to allow or deny applications, and set the security group in which this rule should apply.

    • Click the Path tab to configure the path on the computer in which the rule should be enforced.

    • Click the Exceptions tab to create exceptions for specific files in a folder.

    • When you finish updating the rule, click OK.

Additional references