From cd26264341ac55fb636f8880b839265b93fce78f Mon Sep 17 00:00:00 2001 From: LucasArona Date: Thu, 4 Jan 2018 00:01:27 +0100 Subject: [PATCH 1/2] Example updated to make it easier to understand --- .../applocker/understanding-applocker-rule-exceptions.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/device-security/applocker/understanding-applocker-rule-exceptions.md b/windows/device-security/applocker/understanding-applocker-rule-exceptions.md index bd2a39dec4..e4f75155ca 100644 --- a/windows/device-security/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/device-security/applocker/understanding-applocker-rule-exceptions.md 
@@ -20,7 +20,9 @@ This topic describes the result of applying AppLocker rule exceptions to rule co You can apply AppLocker rules to individual users or a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an app, you can create a special rule for that subset. -For example, the rule "Allow Everyone to run Windows except Registry Editor" allows everyone in the organization to run Windows but does not allow anyone to run Registry Editor. The effect of this rule would prevent users such as help desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Helpdesk user group: "Allow Helpdesk to run Registry Editor." If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Helpdesk user group to run Registry Editor. +For example, the rule "Allow Everyone to run Windows except Registry Editor" allows Everyone to run Windows binaries, but does not allow anyone to run Registry Editor (by adding %WINDIR%\regedit.exe as a Path Exception of the rule). +The effect of this rule would prevent users such as Helpdesk personnel from running the Registry Editor, a program that is necessary for their support tasks. +To resolve this problem, create a second rule that applies to the Helpdesk user group: "Allow Helpdesk to run Registry Editor" and add %WINDIR%\regedit.exe as an allowed path. If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Helpdesk user group to run Registry Editor. ## Related topics From 7e01e64958bd8f2d8e9579e0581fef73a739a6f3 Mon Sep 17 00:00:00 2001 
From: LucasArona Date: Thu, 4 Jan 2018 00:05:20 +0100 Subject: [PATCH 2/2] Update understanding-applocker-rule-exceptions.md --- .../applocker/understanding-applocker-rule-exceptions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/device-security/applocker/understanding-applocker-rule-exceptions.md b/windows/device-security/applocker/understanding-applocker-rule-exceptions.md index e4f75155ca..c7817633da 100644 --- a/windows/device-security/applocker/understanding-applocker-rule-exceptions.md +++ b/windows/device-security/applocker/understanding-applocker-rule-exceptions.md 
@@ -20,8 +20,8 @@ This topic describes the result of applying AppLocker rule exceptions to rule co You can apply AppLocker rules to individual users or a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an app, you can create a special rule for that subset. -For example, the rule "Allow Everyone to run Windows except Registry Editor" allows Everyone to run Windows binaries, but does not allow anyone to run Registry Editor (by adding %WINDIR%\regedit.exe as a Path Exception of the rule). -The effect of this rule would prevent users such as Helpdesk personnel from running the Registry Editor, a program that is necessary for their support tasks. +For example, the rule "Allow Everyone to run Windows except Registry Editor" allows Everyone to run Windows binaries, but does not allow anyone to run Registry Editor (by adding %WINDIR%\regedit.exe as a Path Exception of the rule). +The effect of this rule would prevent users such as Helpdesk personnel from running the Registry Editor, a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Helpdesk user group: "Allow Helpdesk to run Registry Editor" and add %WINDIR%\regedit.exe as an allowed path. If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Helpdesk user group to run Registry Editor. ## Related topics
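Review bot: in PATCH 1/2, the first added sentence says the rule "does not allow anyone to run Registry Editor (by adding %WINDIR%\regedit.exe as a Path Exception of the rule)", which reads as if the exception itself blocks the program. The unchanged last sentence of the paragraph depends on the reader telling an exception apart from a deny rule, so the wording should say that the exception only excludes Registry Editor from this allow rule, for example "but excludes Registry Editor from the rule by adding %WINDIR%\regedit.exe as a path exception, so no one can run it unless another rule allows it". The path appears twice in the added lines as plain text; put it in inline code formatting so the backslash and percent signs render literally. The rule name still says "run Windows" while the description now says "Windows binaries"; pick one.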
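Review bot: in PATCH 2/2, the two removed lines and the two lines that replace them read the same word for word, so the change appears to be whitespace only, and the subject "Update understanding-applocker-rule-exceptions.md" does not say what it is for. If the intent is trailing spaces to force line breaks after "...as a Path Exception of the rule)." and "...necessary for their support tasks.", that is easy to lose in a later edit; either keep the three sentences as one paragraph or separate them with blank lines, and squash this into PATCH 1/2 with a subject that states the change.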