Update create-a-rule-for-packaged-apps.md

jsuther1974 2023-12-21 15:15:35 -08:00
parent 16fee2768e
commit 365d88dded

@ -3,29 +3,26 @@ title: Create a rule for packaged apps
description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition. description: This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: conceptual ms.topic: conceptual
ms.date: 09/21/2017 ms.date: 12/21/2023
--- ---
# Create a rule for packaged apps # Create a rule for packaged apps
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition. This article for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
Packaged apps, also known as Universal Windows apps, are based on an app model that ensures that all the files within an app package share the same identity. Therefore, it's possible to control the entire app using a single AppLocker rule as opposed to the non-packaged apps where each file within the app could have a unique identity. Windows doesn't support unsigned packaged apps, which implies all packaged apps must be signed. AppLocker supports only publisher rules for packaged apps. A publisher rule for a packaged app is based on the following information: Packaged apps are based on an app model that ensures that all the files within an app package share the same identity. Therefore, it's possible to control the entire app using a single AppLocker rule as opposed to unpackaged apps where each file within the app could have a unique identity. All packaged apps must be signed. AppLocker supports only publisher rules for packaged apps. A publisher rule for a packaged app is based on the following information:
- Publisher of the package - Publisher of the package
- Package name - Package name
- Package version - Package version
All the files within a package and the package installers share these attributes. Therefore, an AppLocker rule for a packaged app controls both the installation and the running of the app. Otherwise, the publisher rules for packaged apps are no different than the rest of the rule collections; they support exceptions, can be increased or decreased in scope, and can be assigned to users and groups. All the files within a package and the package installers share these attributes. Therefore, an AppLocker rule for a packaged app controls both the installation and the running of the app. Otherwise, the publisher rules for packaged apps behave the same as in other rule collections.
For info about the publisher condition, see [Understanding the publisher rule condition in AppLocker](understanding-the-publisher-rule-condition-in-applocker.md). For info about the publisher condition, see [Understanding the publisher rule condition in AppLocker](understanding-the-publisher-rule-condition-in-applocker.md).
You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins). To manage an AppLocker policy in a Group Policy Object (GPO), you can perform this task by using the Group Policy Management Console. To manage an AppLocker policy for the local computer or for use in a security template, use the Local Security Policy snap-in. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#using-the-mmc-snap-ins-to-administer-applocker).
**To create a packaged app rule** ## To create a packaged app rule
1. Open the AppLocker console. 1. Open the AppLocker console.
2. On the **Action** menu, or by right-clicking on **Packaged app Rules**, select **Create New Rule**. 2. On the **Action** menu, or by right-clicking on **Packaged app Rules**, select **Create New Rule**.
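Review bot: In the rewritten sentence about publisher rules for packaged apps, "behave the same as in other rule collections" drops the specifics the old text gave: that these rules support exceptions, can be increased or decreased in scope, and can be assigned to users and groups. Consider keeping that list or linking to the article that covers it, so a reader of this page alone still learns that exceptions and user or group assignment apply to packaged app rules. Separately, the Administer AppLocker link now targets #using-the-mmc-snap-ins-to-administer-applocker; confirm that heading exists in administer-applocker.md. The carried-over phrase "For info how to use" would read better as "For info about how to use".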
@ -35,8 +32,8 @@ You can perform this task by using the Group Policy Management Console for an Ap
| Selection | Description | Example | | Selection | Description | Example |
| --- | --- | --- | | --- | --- | --- |
|**Use an installed packaged app as a reference**|If selected, AppLocker requires you to choose an app that is already installed on which to base your new rule. AppLocker uses the publisher, package name and package version to define the rule.|You want the Sales group only to use the app named Microsoft.BingMaps for its outside sales calls. The Microsoft.BingMaps app is already installed on the device where you're creating the rule, so you choose this option, and select the app from the list of apps installed on the computer and create the rule using this app as a reference.| | **Use an installed packaged app as a reference** | If selected, AppLocker requires you to choose an app that is already installed on which to base your new rule. AppLocker uses the publisher, package name and package version to define the rule. | You want the Sales group only to use the app named Microsoft.BingMaps for its outside sales calls. The Microsoft.BingMaps app is already installed on the device where you're creating the rule, so you choose this option. Then select the app from the list of apps installed on the computer and create the rule using this app as a reference. |
|**Use a packaged app installer as a reference**|If selected, AppLocker requires you to choose an app installer on which to base your new rule. A packaged app installer has the .appx extension. AppLocker uses the publisher, package name, and package version of the installer to define the rule.|Your company has developed many internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share, and choose the installer for the Payroll app as a reference to create your rule.| | **Use a packaged app installer as a reference** | If selected, AppLocker requires you to choose an app installer on which to base your new rule. A packaged app installer has the .appx extension. AppLocker uses the publisher, package name, and package version of the installer to define the rule.|Your company develops many internal line-of-business packaged apps. The app installers are stored on a common file share. Employees can install the required apps from that file share. You want to allow all your employees to install the Payroll app from this share. So you choose this option from the wizard, browse to the file share, and choose the installer for the Payroll app as a reference to create your rule. |
The following table describes setting the scope for the packaged app rule. The following table describes setting the scope for the packaged app rule.
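Review bot: In the second table row (Use a packaged app installer as a reference), the boundary between the Description and Example cells is still "rule.|Your company" with no spaces around the pipe, while every other cell boundary in both rows was padded; add the spaces so the row is formatted consistently. The first row also still reads "publisher, package name and package version" without the serial comma that the second row uses, so align the two.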