deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md

1.9 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, ms.author, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, manager, audience, ms.collection, ms.topic, ms.date, ms.technology
title description ms.assetid ms.reviewer ms.author ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.localizationpriority author manager audience ms.collection ms.topic ms.date ms.technology
Script rules in AppLocker (Windows) This article describes the file formats and available default rules for the script rule collection. fee24ca4-935a-4c5e-8a92-8cf1d134d35f macapara m365-security deploy library security medium mjcaparas dansimp ITPro M365-security-compliance conceptual 06/15/2022 windows-sec

Script rules in AppLocker

Applies to

  • Windows 10
  • Windows 11
  • Windows Server 2016 and above

This article describes the file formats and available default rules for the script rule collection.

AppLocker defines script rules to include only the following file formats:

  • .ps1
  • .bat
  • .cmd
  • .vbs
  • .js

The following table lists the default rules that are available for the script rule collection.

Purpose Name User Rule condition type
Allows members of the local Administrators group to run all scripts (Default Rule) All scripts BUILTIN\Administrators Path: *\
Allow all users to run scripts in the Windows folder (Default Rule) All scripts located in the Windows folder Everyone Path: %windir%\*
Allow all users to run scripts in the Program Files folder (Default Rule) All scripts located in the Program Files folder Everyone Path: %programfiles%\*

Note

When a script runs that is not allowed by policy, AppLocker raises an event indicating that the script was "blocked". However, the actual script enforcement behavior is handled by the script host. In the case of PowerShell, "blocked" scripts will still run, but only in Constrained Language Mode. Authorized scripts run in Full Language Mode.

Related articles