Microsoft Windows 7 AppLocker – Automated Rules

AppLocker is one of the great new features in Windows 7, well, that is, if you have Enterprise Edition or Ultimate Edition. It's really sad that Microsoft didn't just allow any Windows 7 client to support this feature (and quite a statement to their true lack of concern for customer service these days).

My rant aside, did you know that you can automatically generate rules for the allowed applications instead of manually creating rules for each app? You sure can.

The best way to do it is to build a reference computer that has all of the applications installed that you want AppLocker to allow. Then, on this reference computer, open the local Group Policy editor (remember, the faithful GPEDIT.MSC?). Now, navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Application Control Policies. Right-click on the Executable Rules node and select Automatically Generate Rules.

After you've gone through the wizard and selected the rule types you want to generate, right-click on the Application Control Policies node and choose to export the policy. You'll save the policy as an XML file. Now go to your Server 2008 R2 server and import the policy into the desired GPO. It really is that easy.
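The same generate, export and import steps can be scripted with the AppLocker PowerShell module, with a check added before the import that lists any executable the generated rules would not allow. This is an added example, not code from the original post; the scan folder, the file name and the GPO LDAP path are assumptions, and the LDAP path is a placeholder.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# session on the reference computer.
Import-Module AppLocker

# Assumed values: adjust for your environment.
$scanRoot  = $env:ProgramFiles                               # folder the rules are generated from
$exportXml = Join-Path $env:TEMP 'AppLocker-Reference.xml'   # hypothetical file name
# Placeholder only: substitute the LDAP path of the target GPO in your domain.
$gpoLdap   = 'LDAP://CN={GPO-GUID-PLACEHOLDER},CN=Policies,CN=System,DC=example,DC=com'

# 1. Collect publisher, hash and path information for every executable found.
$files = Get-AppLockerFileInformation -Directory $scanRoot -Recurse -FileType Exe

# 2. Generate allow rules: publisher rules for signed files, hash rules for
#    the rest. Files with neither kind of information are skipped, not fatal.
#    -Xml emits the policy as XML text, which is saved as the export file.
$files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'Reference' -Optimize -IgnoreMissingFileInformation -Xml |
    Out-File -FilePath $exportXml

# 3. Before importing, test the exported policy against the same executables
#    and keep only the ones it would block.
$exePaths = Get-ChildItem -Path $scanRoot -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName }
$blocked = Test-AppLockerPolicy -XmlPolicy $exportXml -Path $exePaths `
    -User Everyone -Filter Denied, DeniedByDefault

if ($blocked) {
    # Anything listed here would stop running once the policy is enforced.
    $blocked | Format-Table FilePath, PolicyDecision -AutoSize
    Write-Warning 'Generated rules do not cover every executable; review before importing.'
}
else {
    # 4. Import into the GPO. Without -Merge this replaces the AppLocker
    #    policy already stored in that GPO.
    Set-AppLockerPolicy -XmlPolicy $exportXml -Ldap $gpoLdap
}
```

The policy generated this way only covers the folder that was scanned, so executables in the Windows folder still need their own rules (for example the default rules) before enforcement is turned on.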

This method makes creating Windows 7 AppLocker rules a breeze.