From f327a95b3f919ef4106150dd3cbbbfa6021a4f92 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Fri, 27 Sep 2019 18:10:12 +0200 Subject: [PATCH] Update understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md Updated markdown. --- ...les-and-enforcement-setting-inheritance-in-group-policy.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md index eef85dda63..ce6f6d4292 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md @@ -30,7 +30,9 @@ Rule enforcement is applied only to collections of rules, not individual rules. Group Policy merges AppLocker policy in two ways: - **Rules.** Group Policy does not overwrite or replace rules that are already present in a linked Group Policy Object (GPO). For example, if the current GPO has 12 rules and a linked GPO has 50 rules, 62 rules are applied to all computers that receive the AppLocker policy. - >**Important:**  When determining whether a file is permitted to run, AppLocker processes rules in the following order: + + > [!IMPORTANT] + > When determining whether a file is permitted to run, AppLocker processes rules in the following order: 1. **Explicit deny.** An administrator created a rule to deny a file. 2. **Explicit allow.** An administrator created a rule to allow a file.