windows-itpro-docs/windows/device-security/applocker/deploy-the-applocker-policy-into-production.md
Nicholas Brower 1ae3f0b230 Merged PR 4822: "msdate update (generated from most recent commit date)"
"msdate update (generated from most recent commit date)"
2017-12-05 22:36:05 +00:00

3.3 KiB

title, description, ms.assetid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, author, ms.date
title description ms.assetid ms.prod ms.mktglfcycl ms.sitesec ms.pagetype author ms.date
Deploy the AppLocker policy into production (Windows 10) This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. ebbb1907-92dc-499e-8cee-8e637483c9ae w10 deploy library security brianlic-msft 09/21/2017

Deploy the AppLocker policy into production

Applies to

  • Windows 10
  • Windows Server

This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.

After successfully testing and modifying the AppLocker policy for each Group Policy Object (GPO), you are ready to deploy the enforcement settings into production. For most organizations, this means switching the AppLocker enforcement setting from Audit only to Enforce rules. However, it is important to follow the deployment plan that you created earlier. For more info, see the AppLocker Design Guide. Depending on the needs of different business groups in your organization, you might deploy different enforcement settings for linked GPOs.

Understand your design decisions

Before you deploy an AppLocker policy, you should determine:

For info about how AppLocker deployment is dependent on design decisions, see Understand AppLocker policy design decisions.

AppLocker deployment methods

If you have configured a reference device, you can create and update your AppLocker policies on this device, test the policies, and then export the policies to the appropriate GPO for distribution. Another method is to create the policies and set the enforcement setting on Audit only, then observe the events that are generated.

See also