Update script-rules-in-applocker.md

Denise Vangel-MSFT
2022-06-15 14:36:26 -07:00
committed by GitHub
parent 19119c4179
commit 1c082992e6

@ -14,7 +14,7 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/21/2017
ms.date: 06/15/2022
ms.technology: windows-sec
---
@ -30,26 +30,26 @@ ms.technology: windows-sec
> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This topic describes the file formats and available default rules for the script rule collection.
This article describes the file formats and available default rules for the script rule collection.
AppLocker defines script rules to include only the following file formats:
- .ps1
- .bat
- .cmd
- .vbs
- .js
- `.ps1`
- `.bat`
- `.cmd`
- `.vbs`
- `.js`
The following table lists the default rules that are available for the script rule collection.
| Purpose | Name | User | Rule condition type |
| - | - | - | - |
| Allows members of the local Administrators group to run all scripts| (Default Rule) All scripts| BUILTIN\Administrators | Path: *|
| Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: %windir%\*|
| Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: %programfiles%\*|
| Allows members of the local Administrators group to run all scripts| (Default Rule) All scripts| BUILTIN\Administrators | Path: `*\` |
| Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: `%windir%\*` |
| Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: `%programfiles%\*`|
> [!NOTE]
> Windows Defender Application Control cannot be used to block Powershell scripts. Applocker just forces Powershell scripts to be run in Constrained Language Mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event - which literally states the script will be blocked. After which the script runs.
## Related topics
## Related articles
- [Understanding AppLocker default rules](understanding-applocker-default-rules.md)
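Review bot: The Administrators row of the default-rules table changes the rule path from `*` to `*\` rather than only wrapping it in backticks, unlike the `%windir%\*` and `%programfiles%\*` rows, whose values are unchanged. The added backslash looks unintended and makes the documented default rule differ from the removed line; suggest keeping the value as `*` inside the backticks. While this hunk is being touched, the unchanged note below the table spells the product names as "Powershell" and "Applocker", which is inconsistent with "AppLocker" used elsewhere in the same note and could be fixed in the same pass.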