12 KiB
title, description, ms.date, ms.topic, appliesto
| title | description | ms.date | ms.topic | appliesto | |
|---|---|---|---|---|---|
| Create policies to enable applications | Learn how to create policies to enable the installation and execution of apps on Windows SE. | 05/23/2023 | tutorial |
|
Create policies to enable applications
:::image type="content" source="./images/create-policies.png" alt-text="Diagram showing the three tutorial steps, highlighting the policy creation step." border="false":::
You can create AppLocker policies to allow apps that are semi-compatible or incompatible with the managed installer to run.
Additional AppLocker policies work by configuring other apps to be managed installers. However, since anything downloaded or installed by a managed installer is trusted to run, it creates a significant security risk. For example, if the executable for a third-party browser is set as a managed installer, anything downloaded from that browser will be allowed to run.
To allow apps to run by setting their installers as managed installers, follow the guidance here:
Next steps
Before moving on to the next section, ensure that you've completed the following tasks.
For a WDAC supplemental policy:
[!div class="checklist"]
- Create a policy, targeting the base policy: 82443e1e-8a39-4b4a-96a8-f40ddc00b9f3
For an AppLocker policy:
[!div class="checklist"]
- Only applied to an updater or installer
- Created the policy with the Merge option
Advance to the next article to learn how to deploy the WDAC supplemental policies or AppLocker policies to Windows 11 SE devices. -->
Advance to the next article to learn how to deploy the AppLocker policies to Windows 11 SE devices.
[!div class="nextstepaction"] Next: deploy policies >