Reviewed and updated Applocker articles

windows/security/application-security/application-control/windows-defender-application-control/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md

@@ -1,18 +1,15 @@
 ---
 title: Add rules for packaged apps to existing AppLocker rule-set
-description: This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
+description: This article for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/22/2023
 ---
 
 # Add rules for packaged apps to existing AppLocker rule-set
 
-> [!NOTE]
+This article for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
+You can create packaged app rules by updating your existing AppLocker rule set from any supported computer. Download and install the Remote Server Administration Toolkit (RSAT) from the Microsoft Download Center.
 
-You can create packaged app rules for the computers running Windows Server 2012 or Windows 8 and later in your domain by updating your existing AppLocker rule set. All you need is a computer running at least Windows 8. Download and install the Remote Server Administration Toolkit (RSAT) from the Microsoft Download Center.
+RSAT comes with the Group Policy Management Console that allows you to edit the GPO or GPOs where your existing AppLocker policy is authored. RSAT has the necessary files required to author packaged app rules.
-
-RSAT comes with the Group Policy Management Console that allows you to edit the GPO or GPOs where your existing AppLocker policy is authored. RSAT has the necessary files required to author packaged app rules. Packaged app rules will be ignored on computers running Windows 7 and earlier but will be enforced on those computers in your domain running at least Windows Server 2012 and Windows 8.

windows/security/application-security/application-control/windows-defender-application-control/applocker/configure-the-application-identity-service.md

@@ -1,39 +1,37 @@
 ---
 title: Configure the Application Identity service
-description: This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
+description: This article for IT professionals shows how to configure the Application Identity service to start automatically or manually.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 07/01/2021
+ms.date: 12/22/2023
 ---
 
 # Configure the Application Identity service
 
->[!NOTE]
+This article for IT professionals shows how to configure the Application Identity service to start automatically or manually.
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
+The Application Identity service determines and verifies the identity of an app. Stopping this service prevents AppLocker policies from being enforced.
 
-The Application Identity service determines and verifies the identity of an app. Stopping this service will prevent AppLocker policies from being enforced.
+> [!IMPORTANT]
+> When using Group Policy, you must configure the Application Identity service to start automatically in at least one Group Policy Object (GPO) that applies AppLocker rules. This is because AppLocker uses this service to verify the attributes of a file.
 
->**Important:**  When using Group Policy, you must configure it to start automatically in at least one Group Policy Object (GPO) that applies AppLocker rules. This is because AppLocker uses this service to verify the attributes of a file.
+## To start the Application Identity service automatically using Group Policy
- 
-**To start the Application Identity service automatically using Group Policy**
 
 1. On the **Start** screen, type **gpmc.msc** to open the Group Policy Management Console (GPMC).
-2.  Locate the GPO to edit, right-click the GPO, and then click **Edit**.
+2. Locate the GPO to edit, right-click the GPO, and then select **Edit**.
-3.  In the console tree under **Computer Configuration\\Windows Settings\\Security Settings**, click **System Services**.
+3. In the console tree under **Computer Configuration\\Windows Settings\\Security Settings**, select **System Services**.
 4. In the details pane, double-click **Application Identity**.
 5. In **Application Identity Properties**, configure the service to start automatically.
 
 Membership in the local **Administrators** group, or equivalent, is the minimum access required to complete this procedure.
 
-**To start the Application Identity service manually**
+## To start the Application Identity service manually
 
-1.  Right-click the taskbar, and click **Task Manager**.
+1. Right-click the taskbar, and select **Task Manager**.
-2.  Click the **Services** tab, right-click **AppIDSvc**, and then click **Start Service**.
+2. Select the **Services** tab, right-click **AppIDSvc**, and then select **Start Service**.
 3. Verify that the status for the Application Identity service is **Running**.
 
-Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic** by using the Services snap-in. Try either of these methods instead:
+Starting with Windows 10, the Application Identity service is now a protected process. As a result, you can no longer manually set the service **Startup type** to **Automatic** by using the Services snap-in. Try either of these methods instead:
 
 - Open an elevated command prompt or PowerShell session and type:
 

windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md

@@ -1,28 +1,25 @@
 ---
 title: Display a custom URL message when users try to run a blocked app
-description: This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
+description: This article for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy blocks an app.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/21/2023
 ---
 
 # Display a custom URL message when users try to run a blocked app
 
->[!NOTE]
+This article for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy blocks an app.
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
+With the help of Group Policy, AppLocker can be configured to display a message with a custom URL. You can use this URL to redirect users to a support site that contains info about why the user received the error and which apps are allowed. If you don't display a custom message when an app is blocked, the default AppLocker block message is displayed as-is.
-
-With the help of Group Policy, AppLocker can be configured to display a message with a custom URL. You can use this URL to redirect users to a support site that contains info about why the user received the error and which apps are allowed. If you don't display a custom message when an app is blocked, the default access denied message is displayed.
 
 To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
 
-**To display a custom URL message when users try to run a blocked app**
+## To display a custom URL message when users try to run a blocked app
 
 1. On the **Start** screen, type **gpmc.msc** to open the Group Policy Management Console (GPMC).
 2. Navigate to the Group Policy Object (GPO) that you want to edit.
-3.  Right-click the GPO, and then click **Edit**.
+3. Right-click the GPO, and then select **Edit**.
-4.  In the console tree under **Policies\\Administrative Templates\\Windows Components**, click **File Explorer**.
+4. In the console tree under **Policies\\Administrative Templates\\Windows Components**, select **File Explorer**.
 5. In the details pane, double-click **Set a support web page link**.
-6.  Click **Enabled**, and then type the URL of the custom Web page in the **Support Web page URL** box.
+6. Select **Enabled**, and then type the URL of the custom Web page in the **Support Web page URL** box.
-7.  Click **OK** to apply the setting.
+7. Select **OK** to apply the setting.

windows/security/application-security/application-control/windows-defender-application-control/applocker/enforce-applocker-rules.md

@@ -1,24 +1,20 @@
 ---
 title: Enforce AppLocker rules
-description: This topic for IT professionals describes how to enforce application control rules by using AppLocker.
+description: This article for IT professionals describes how to enforce application control rules by using AppLocker.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/21/2023
 ---
 
 # Enforce AppLocker rules
 
->[!NOTE]
+This article for IT professionals describes how to enforce application control rules by using AppLocker.
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
-
-This topic for IT professionals describes how to enforce application control rules by using AppLocker.
 
 After AppLocker rules are created within the rule collection, you can configure the enforcement setting to **Enforce rules** or **Audit only** on the rule collection.
 
-When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited. When AppLocker policy enforcement is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log.
+When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced and events are logged to the AppLocker logs. When AppLocker policy enforcement is set to **Audit only**, rules are only evaluated but events generated from that evaluation are written to the AppLocker logs.
-
-There is no audit mode for the DLL rule collection. DLL rules affect specific apps. Therefore, test the impact of these rules first before deploying them to production.
 
 To enforce AppLocker rules by configuring an AppLocker policy to **Enforce rules**, see [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md).
 
->**Caution:**  AppLocker rules will be enforced immediately on the local device or when the Group Policy object (GPO) is updated by performing this procedure. If you want to see the effect of applying an AppLocker policy before setting the enforcement setting to **Enforce rules**, configure the policy to **Audit only**. For info about how to do this, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md)or [Test an AppLocker policy by Using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md).
+> [!WARNING]
+> AppLocker rules will be enforced immediately on the local device or when the Group Policy object (GPO) is updated by performing this procedure. If you want to see the effect of applying an AppLocker policy before setting the enforcement setting to **Enforce rules**, configure the policy to **Audit only**. For info about how to do this, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md)or [Test an AppLocker policy by Using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md).

windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-from-a-gpo.md

@@ -1,26 +1,23 @@
 ---
 title: Export an AppLocker policy from a GPO
-description: This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
+description: This article for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/21/2023
 ---
 
 # Export an AppLocker policy from a GPO
 
->[!NOTE]
+This article for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
+Updating an AppLocker policy that is currently enforced in your production environment can have unintended results. Therefore, export the policy from the GPO and update the rule or rules on a test or reference device.
-
-Updating an AppLocker policy that is currently enforced in your production environment can have unintended results. Therefore, export the policy from the GPO and update the rule or rules by using AppLocker on your AppLocker reference device.
 
 To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
 
-**Export the policy from the GPO**
+## Export the policy from the GPO
 
 1. In the Group Policy Management Console (GPMC), open the GPO that you want to edit.
-2.  In the console tree under **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Application Control Policies**, click **AppLocker**.
+2. In the console tree under **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Application Control Policies**, select **AppLocker**.
-3.  Right-click **AppLocker**, and then click **Export Policy**.
+3. Right-click **AppLocker**, and then select **Export Policy**.
-4.  In the **Export Policy** dialog box, type a name for the exported policy (for example, the name of the GPO), select a location to save the policy, and then click **Save**.
+4. In the **Export Policy** dialog box, type a name for the exported policy (for example, the name of the GPO), select a location to save the policy, and then select **Save**.
-5.  The **AppLocker** dialog box will notify you of how many rules were exported. Click **OK**.
+5. The **AppLocker** dialog box notifies you of how many rules were exported. Select **OK**.

windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file.md

@@ -1,21 +1,18 @@
 ---
 title: Export an AppLocker policy to an XML file
-description: This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
+description: This article for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/21/2023
 ---
 
 # Export an AppLocker policy to an XML file
 
->[!NOTE]
+This article for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
-
-This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
 Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
 
-**To export an AppLocker policy to an XML file**
+## To export an AppLocker policy to an XML file
 
-1.  From the AppLocker console, right-click **AppLocker**, and then click **Export Policy**.
+1. From the AppLocker console, right-click **AppLocker**, and then select **Export Policy**.
 2. Browse to the location where you want to save the XML file.
-3.  In the **File name** box, type a file name for the XML file, and then click **Save**.
+3. In the **File name** box, type a file name for the XML file, and then select **Save**.

windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-from-another-computer.md

@@ -1,30 +1,25 @@
 ---
 title: Import an AppLocker policy from another computer
-description: This topic for IT professionals describes how to import an AppLocker policy.
+description: This article for IT professionals describes how to import an AppLocker policy.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 12/31/2017
+ms.date: 12/22/2023
 ---
 
 # Import an AppLocker policy from another computer
 
-> [!NOTE]
+This article for IT professionals describes how to import an AppLocker policy.
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals describes how to import an AppLocker policy.
+Before completing this procedure, export an AppLocker policy. For more information, see [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md).
-
-Before completing this procedure, you should have exported an AppLocker policy. For more information, see [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md).
 
 Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
 
-> **Caution:**  Importing a policy will overwrite the existing policy on that computer.
+> [!WARNING]
+> Importing a policy will overwrite the existing local policy on that computer.
 
-**To import an AppLocker policy**
+## To import an AppLocker policy
 
-1.  From the AppLocker console, right-click **AppLocker**, and then click **Import Policy**.
+1. From the AppLocker console, right-click **AppLocker**, and then select **Import Policy**.
-
+2. In the **Import Policy** dialog box, locate the file that you exported, and then select **Open**.
-2.  In the **Import Policy** dialog box, locate the file that you exported, and then click **Open**.
+3. The **Import Policy** dialog box warns you that importing a policy overwrites the existing rules and enforcement settings. If acceptable, select **OK** to import and overwrite the policy.
-
+4. The **AppLocker** dialog box notifies you of how many rules were overwritten and imported. Select **OK**.
-3.  The **Import Policy** dialog box will warn you that importing a policy will overwrite the existing rules and enforcement settings. If acceptable, click **OK** to import and overwrite the policy.
-
-4.  The **AppLocker** dialog box will notify you of how many rules were overwritten and imported. Click **OK**.

windows/security/application-security/application-control/windows-defender-application-control/applocker/import-an-applocker-policy-into-a-gpo.md

@@ -1,27 +1,26 @@
 ---
 title: Import an AppLocker policy into a GPO
-description: This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
+description: This article for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/22/2023
 ---
 
 # Import an AppLocker policy into a GPO
 
->[!NOTE]
+This article for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
+You can create AppLocker policies as local security policies or as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md).
-AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md).
 
->**Important:**  Follow your organization's standard procedures for updating GPOs. For info about specific steps to follow for AppLocker policies, see [Maintain AppLocker policies](maintain-applocker-policies.md).
+> [!IMPORTANT]
+> Follow your organization's standard procedures for updating GPOs. For info about specific steps to follow for AppLocker policies, see [Maintain AppLocker policies](maintain-applocker-policies.md).
 
 To complete this procedure, you must have the **Edit Setting** permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
 
-**To import an AppLocker policy into a GPO**
+## To import an AppLocker policy into a GPO
 
 1. In the Group Policy Management Console (GPMC), open the GPO that you want to edit.
-2.  In the console tree under **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Application Control Policies**, click **AppLocker**.
+2. In the console tree under **Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Application Control Policies**, select **AppLocker**.
-3.  Right-click **AppLocker**, and then click **Import Policy**.
+3. Right-click **AppLocker**, and then select **Import Policy**.
-4.  In the **Import Policy** dialog box, locate the XML policy file, and click **Open**.
+4. In the **Import Policy** dialog box, locate the XML policy file, and select **Open**.
-5.  The **AppLocker** dialog box will notify you of how many rules were imported. Click **OK**.
+5. The **AppLocker** dialog box notifies you of how many rules were imported. Select **OK**.

windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md

@@ -1,19 +1,16 @@
 ---
 title: Merge AppLocker policies by using Set-ApplockerPolicy
-description: This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
+description: This article for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/22/2023
 ---
 
 # Merge AppLocker policies by using Set-ApplockerPolicy
 
->[!NOTE]
+This article for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
+The **Set-AppLockerPolicy** cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local policy is used. When the Merge parameter is used, rules in the specified AppLocker policy are merged with the AppLocker rules in the target GPO specified in the LDAP path. Merging policies removes rules with duplicate rule IDs, and the enforcement mode setting is chosen as described in [Working with AppLocker rules](/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules#enforcement-modes). If the Merge parameter isn't specified, then the new policy overwrites the existing policy.
-
-The **Set-AppLockerPolicy** cmdlet sets the specified Group Policy Object (GPO) to contain the specified AppLocker policy. If no Lightweight Directory Access Protocol (LDAP) is specified, the local GPO is the default. When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO specified in the LDAP path. The merging of policies will remove rules with duplicate rule IDs, and the enforcement setting specified by the AppLocker policy in the target GPO will be preserved. If the Merge parameter isn't specified, then the new policy will overwrite the existing policy.
 
 For info about using **Set-AppLockerPolicy**, including syntax descriptions and parameters, see [Set-AppLockerPolicy](/powershell/module/applocker/set-applockerpolicy).
 
@@ -21,7 +18,8 @@ For info about using Windows PowerShell for AppLocker, including how to import t
 
 You can also manually merge AppLocker policies. For information on the procedure to do this merging, see [Merge AppLocker policies manually](merge-applocker-policies-manually.md).
 
-**To merge a local AppLocker policy with another AppLocker policy by using LDAP paths**
+## To merge a local AppLocker policy with another AppLocker policy by using LDAP paths
+
 1. Open the PowerShell command window. For info about performing Windows PowerShell commands for AppLocker, see [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md).
 2. At the command prompt, type **C:\\PS>Get-AppLockerPolicy -Local | Set-AppLockerPolicy -LDAP "LDAP: //***<string>***"** **-Merge** where *<string>* specifies the LDAP path of the unique GPO.
 

windows/security/application-security/application-control/windows-defender-application-control/applocker/merge-applocker-policies-manually.md

@@ -1,43 +1,22 @@
 ---
 title: Merge AppLocker policies manually
-description: This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
+description: This article for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/22/2023
 ---
 
 # Merge AppLocker policies manually
 
->[!NOTE]
+This article for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
+If you need to merge multiple AppLocker policies into a single one, you can either manually merge the policies or use the Windows PowerShell cmdlets for AppLocker. You can't automatically merge policies by using the AppLocker console. For info about merging policies by using Windows PowerShell, see [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md).
 
-If you have created multiple AppLocker policies and need to merge them to create one AppLocker policy, you can either manually merge the policies or use the Windows PowerShell cmdlets for AppLocker. You can't automatically merge policies by using the AppLocker console. You must create one rule collection from two or more policies. For info about merging policies by using the cmdlet, see [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md).
+The AppLocker policy is stored in XML format, and an exported policy can be edited with any text or XML editor. To export an AppLocker policy, see [Export an AppLocker policy to an XML file](/windows/security/application-security/application-control/windows-defender-application-control/applocker/export-an-applocker-policy-to-an-xml-file). Before making changes to an AppLocker policy manually, review [Working with AppLocker rules](/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules).
-
-The AppLocker policy is saved in XML format, and the exported policy can be edited with any text or XML editor. Rule collections are specified within the **RuleCollection Type** element. The XML schema includes five attributes for the different rule collections, as shown in the following table:
-
-| Rule collection | RuleCollection Type element |
-| - | - |
-| Executable rules| Exe| 
-| Windows Installer rules| Msi| 
-| Script rules | Script| 
-| DLL rules | Dll| 
-| Packaged apps and packaged app installers|Appx| 
- 
-Rule enforcement is specified with the **EnforcementMode** element. The three enforcement modes in the XML correspond to the three enforcement modes in the AppLocker console, as shown in the following table:
-
-| XML enforcement mode |Enforcement mode in Group Policy |
-| - | - |
-| NotConfigured | Not configured (rules are enforced)| 
-| AuditOnly | Audit only| 
-| Enabled | Enforce rules| 
- 
-Each of the three condition types uses specific elements. For XML examples of the different rule types, see Merge AppLocker policies manually.
 
 Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
 
-**To merge two or more AppLocker policies**
+## To merge two or more AppLocker policies
 
 1. Open an XML policy file in a text editor or XML editor, such as Notepad.
 2. Select the rule collection where you want to copy rules from.

windows/security/application-security/application-control/windows-defender-application-control/applocker/refresh-an-applocker-policy.md

@@ -1,40 +1,35 @@
 ---
 title: Refresh an AppLocker policy
-description: This topic for IT professionals describes the steps to force an update for an AppLocker policy.
+description: This article for IT professionals describes the steps to force an update for an AppLocker policy.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/22/2023
 ---
 
 # Refresh an AppLocker policy
 
->[!NOTE]
+This article for IT professionals describes the steps to force an update for an AppLocker policy.
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals describes the steps to force an update for an AppLocker policy.
+If you update the rule collection on a local computer by using the Local Security Policy snap-in, the policy takes effect immediately. If Group Policy is used to distribute the AppLocker policy and you want to immediately implement the policy, you must manually refresh the policy. The Group Policy refresh might take several minutes, depending upon the number of policies within the Group Policy Object (GPO) and the number of target computers.
 
-If you update the rule collection on a local computer by using the Local Security Policy snap-in, the policy will take effect immediately. If Group Policy is used to distribute the AppLocker policy and you want to immediately implement the policy, you must manually refresh the policy. The Group Policy refresh might take several minutes, depending upon the number of policies within the Group Policy Object (GPO) and the number of target computers.
+To use Group Policy to distribute the AppLocker policy change, you need to retrieve the deployed AppLocker policy first. To prepare for the update and subsequent refresh, see [Edit an AppLocker policy](edit-an-applocker-policy.md) and [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md).
-
-To use Group Policy to distribute the AppLocker policy change, you need to retrieve the deployed AppLocker policy first. To prepare for the update and subsequent refresh, see [Edit an AppLocker policy](edit-an-applocker-policy.md)
-
-[Edit an AppLocker policy](edit-an-applocker-policy.md) and [Use the AppLocker Windows PowerShell cmdlets](use-the-applocker-windows-powershell-cmdlets.md).
 
 To complete this procedure, you must have Edit Setting permission to edit a GPO. By default, members of the **Domain Admins** group, the **Enterprise Admins** group, and the **Group Policy Creator Owners** group have this permission.
 
-**To manually refresh the AppLocker policy by using Group Policy**
+## To manually refresh the AppLocker policy by using Group Policy
 
 1. From a command prompt, type **gpupdate /force**, and then press ENTER.
 2. When the command finishes, close the command prompt window, and then verify that the intended rule behavior is correct. You can do this verification by checking the AppLocker event logs for events that include "policy applied."
 
-To change a policy on an individual computer, or to implement that policy on other computers, without using Group Policy, you first need to update the rule within the rule collection. For information about updating existing rules, see [Edit AppLocker rules](edit-applocker-rules.md). For information 
+For information about updating existing rules, see [Edit AppLocker rules](edit-applocker-rules.md). For information about creating a new rule for an existing policy, see:
-about creating a new rule for an existing policy, see:
+
 - [Create a rule that uses a publisher condition](create-a-rule-that-uses-a-publisher-condition.md)
 - [Create a rule that uses a file hash condition](create-a-rule-that-uses-a-file-hash-condition.md)
 - [Create a rule that uses a path condition](create-a-rule-that-uses-a-path-condition.md)
 
 Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
 
-**To refresh the AppLocker policy on the local computer**
+## To refresh the AppLocker policy on the local computer
 
 - Update the rule collection by using the Local Security Policy console with one of the following procedures:
 
@@ -46,8 +41,9 @@ When finished, the policy is in effect.
 
 To make the same change on another device, you can use any of the following methods:
 
--   From the device that you made the change on, export the AppLocker policy, and then import the policy onto the other device. To do these tasks, use the AppLocker **Export Policy** and **Import Policy** features to copy the rules from the changed computer.
+- From the device where you made the change, export the AppLocker policy and then import into onto the other device. To do these tasks, use the AppLocker **Export Policy** and **Import Policy** features to copy the rules from the changed computer.
 
-    >**Caution:**  When importing rules from another computer, all the rules will be applied, not just the one that was updated. Merging policies allows both existing and updated (or new) rules to be applied.
+> [!WARNING]
+> When importing rules from another computer, all the rules will be applied, not just the one that was updated. Merging policies allows both existing and updated (or new) rules to be applied.
 
 - Merge AppLocker policies. For information on the procedures to do this merging, see [Merge AppLocker policies manually](merge-applocker-policies-manually.md) and [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md).

windows/security/application-security/application-control/windows-defender-application-control/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md

@@ -1,40 +1,41 @@
 ---
 title: Test an AppLocker policy by using Test-AppLockerPolicy
-description: This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
+description: This article for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/22/2023
 ---
 
 # Test an AppLocker policy by using Test-AppLockerPolicy
 
->[!NOTE]
+This article for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
 
-This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
+The **Test-AppLockerPolicy** Windows PowerShell cmdlet can be used to determine whether any of the rules in your rule collections block apps run on the local computer. Perform the following steps on any computer where the AppLocker policies are applied.
-
-The **Test-AppLockerPolicy** Windows PowerShell cmdlet can be used to determine whether any of the rules in your rule collections will be blocked on your reference computer or the computer on which you maintain policies. Perform the following steps on any computer where the AppLocker policies are applied.
 
 Any user account can be used to complete this procedure.
 
-**To test an AppLocker policy by using Test-AppLockerPolicy**
+## To test an AppLocker policy by using Test-AppLockerPolicy
 
-1.  Export the effective AppLocker policy. To do this, you must use the **Get-AppLockerPolicy** Windows PowerShell cmdlet.
+1. Export the effective AppLocker policy using the **Get-AppLockerPolicy** Windows PowerShell cmdlet.
 
     1. Open a Windows PowerShell command prompt window as an administrator.
     2. Use the **Get-AppLockerPolicy** cmdlet to export the effective AppLocker policy to an XML file:
 
-        `Get-AppLockerPolicy -Effective -XML > <PathofFiletoExport.XML>`
+        ```powershell
+        Get-AppLockerPolicy -Effective -XML > <PathofFiletoExport.XML>
+        ```
 
 2. Use the **Get-ChildItem** cmdlet to specify the directory that you want to test, specify the **Test-AppLockerPolicy** cmdlet with the XML file from the previous step to test the policy, and use the **Export-CSV** cmdlet to export the results to a file to be analyzed:
 
-    `Get-ChildItem <DirectoryPathtoReview> -Filter <FileExtensionFilter> -Recurse | Convert-Path | Test-AppLockerPolicy -XMLPolicy <PathToExportedPolicyFile> -User <domain\username> -Filter <TypeofRuletoFilterFor> | Export-CSV <PathToExportResultsTo.CSV>`
+    ```powershell
+    Get-ChildItem <DirectoryPathtoReview> -Filter <FileExtensionFilter> -Recurse | Convert-Path | Test-AppLockerPolicy -XMLPolicy <PathToExportedPolicyFile> -User <domain\username> -Filter <TypeofRuletoFilterFor> | Export-CSV <PathToExportResultsTo.CSV>
+    ```
 
 The following shows example input for **Test-AppLockerPolicy**:
 
-```syntax
+```powershell
 PS C:\ Get-AppLockerPolicy -Effective -XML > C:\Effective.xml
 PS C:\ Get-ChildItem 'C:\Program Files\Microsoft Office\' -filter *.exe -Recurse | Convert-Path | Test-AppLockerPolicy -XMLPolicy C:\Effective.xml -User contoso\zwie -Filter Denied,DeniedByDefault | Export-CSV C:\BlockedFiles.csv
 ```
 
-In the example, the effective AppLocker policy is exported to the file C:\\Effective.xml. The **Get-ChildItem** cmdlet is used to recursively gather path names for the .exe files in C:\\Program Files\\Microsoft Office\\. The XMLPolicy parameter specifies that the C:\\Effective.xml file is an XML AppLocker policy file. By specifying the User parameter, you can test the rules for specific users, and the **Export-CSV** cmdlet allows the results to be exported to a comma-separated file. In the example, `-FilterDenied,DeniedByDefault` displays only those files that will be blocked for the user under the policy.
+In the example, the effective AppLocker policy is exported to the file C:\\Effective.xml. The **Get-ChildItem** cmdlet is used to recursively gather path names for the .exe files in C:\\Program Files\\Microsoft Office\\. The XMLPolicy parameter specifies that the C:\\Effective.xml file is an XML AppLocker policy file. By specifying the User parameter, you can test the rules for specific users, and the **Export-CSV** cmdlet allows the results to be exported to a comma-separated file. In the example, `-FilterDenied,DeniedByDefault` displays only those files that blocked for the user under the policy.

windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-policies.md

@@ -1,32 +1,29 @@
 ---
 title: Working with AppLocker policies
-description: This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies.
+description: This article for IT professionals provides links to procedural articles about creating, maintaining, and testing AppLocker policies.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 09/21/2017
+ms.date: 12/21/2023
 ---
 
 # Working with AppLocker policies
 
->[!NOTE]
+This article for IT professionals provides links to procedural articles about creating, maintaining, and testing AppLocker policies.
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
-
-This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies.
 
 ## In this section
 
-| Topic | Description |
+| Article | Description |
 | - | - |
-| [Configure the Application Identity service](configure-the-application-identity-service.md) | This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.| 
+| [Configure the Application Identity service](configure-the-application-identity-service.md) | This article for IT professionals shows how to configure the Application Identity service to start automatically or manually. |
-| [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) | This topic for IT professionals describes how to set AppLocker policies to  **Audit only** within your IT environment by using AppLocker.| 
+| [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md) | This article for IT professionals describes how to set AppLocker policies to  **Audit only** within your IT environment by using AppLocker. |
-| [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md) | This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.| 
+| [Configure an AppLocker policy for enforce rules](configure-an-applocker-policy-for-enforce-rules.md) | This article for IT professionals describes the steps to enable the AppLocker policy enforcement setting. |
-| [Display a custom URL message when users try to run a blocked app](display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md) | This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.| 
+| [Display a custom URL message when users try to run a blocked app](display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md) | This article for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app. |
-| [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md) | This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.| 
+| [Export an AppLocker policy from a GPO](export-an-applocker-policy-from-a-gpo.md) | This article for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified. |
-| [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md) | This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.| 
+| [Export an AppLocker policy to an XML file](export-an-applocker-policy-to-an-xml-file.md) | This article for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing. |
-| [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md) | This topic for IT professionals describes how to import an AppLocker policy.| 
+| [Import an AppLocker policy from another computer](import-an-applocker-policy-from-another-computer.md) | This article for IT professionals describes how to import an AppLocker policy. |
-| [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md) | This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).| 
+| [Import an AppLocker policy into a GPO](import-an-applocker-policy-into-a-gpo.md) | This article for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO). |
-| [Add rules for packaged apps to existing AppLocker rule-set](add-rules-for-packaged-apps-to-existing-applocker-rule-set.md) | This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).| 
+| [Add rules for packaged apps to existing AppLocker rule-set](add-rules-for-packaged-apps-to-existing-applocker-rule-set.md) | This article for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT). |
-| [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md) | This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.| 
+| [Merge AppLocker policies by using Set-ApplockerPolicy](merge-applocker-policies-by-using-set-applockerpolicy.md) | This article for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell. |
-| [Merge AppLocker policies manually](merge-applocker-policies-manually.md) | This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).| 
+| [Merge AppLocker policies manually](merge-applocker-policies-manually.md) | This article for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO). |
-| [Refresh an AppLocker policy](refresh-an-applocker-policy.md) | This topic for IT professionals describes the steps to force an update for an AppLocker policy.| 
+| [Refresh an AppLocker policy](refresh-an-applocker-policy.md) | This article for IT professionals describes the steps to force an update for an AppLocker policy. |
-| [Test an AppLocker policy by using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md) | This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.|
+| [Test an AppLocker policy by using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md) | This article for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.|