mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 06:47:21 +00:00
49 lines
3.3 KiB
Markdown
49 lines
3.3 KiB
Markdown
---
|
||
title: Deploy the AppLocker policy into production (Windows 10)
|
||
description: This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
|
||
ms.assetid: ebbb1907-92dc-499e-8cee-8e637483c9ae
|
||
ms.prod: w10
|
||
ms.mktglfcycl: deploy
|
||
ms.sitesec: library
|
||
ms.pagetype: security
|
||
author: brianlic-msft
|
||
ms.date: 09/21/2017
|
||
---
|
||
|
||
# Deploy the AppLocker policy into production
|
||
|
||
**Applies to**
|
||
- Windows 10
|
||
- Windows Server
|
||
|
||
This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
|
||
|
||
After successfully testing and modifying the AppLocker policy for each Group Policy Object (GPO), you are ready to deploy the enforcement settings into production. For most organizations, this means switching the AppLocker enforcement setting from **Audit only** to **Enforce rules**. However, it is important to follow the deployment plan that you created earlier. For more info, see the [AppLocker Design Guide](applocker-policies-design-guide.md). Depending on the needs of different business groups in your organization, you might deploy different enforcement settings for linked GPOs.
|
||
|
||
### Understand your design decisions
|
||
|
||
Before you deploy an AppLocker policy, you should determine:
|
||
|
||
- For each business group, which applications will be controlled and in what manner. For more info, see [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md).
|
||
- How to handle requests for application access. For info about what to consider when developing your support policies, see [Plan for AppLocker policy management](plan-for-applocker-policy-management.md).
|
||
- How to manage events, including forwarding events. For info about event management in AppLocker, see [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md).
|
||
- Your GPO structure, including how to include policies generated by Software Restriction Policies and AppLocker policies. For more info, see [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md).
|
||
|
||
For info about how AppLocker deployment is dependent on design decisions, see [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md).
|
||
|
||
### AppLocker deployment methods
|
||
|
||
If you have configured a reference device, you can create and update your AppLocker policies on this device, test the policies, and then export the policies to the appropriate GPO for distribution. Another method is to create the policies and set the enforcement setting on **Audit only**, then
|
||
observe the events that are generated.
|
||
- [Use a reference device to create and maintain AppLocker policies](use-a-reference-computer-to-create-and-maintain-applocker-policies.md)
|
||
|
||
This topic describes the steps to use an AppLocker reference computer to prepare application control policies for deployment by using Group Policy or other means.
|
||
|
||
- [Deploy AppLocker policies by using the enforce rules setting](deploy-applocker-policies-by-using-the-enforce-rules-setting.md)
|
||
|
||
This topic describes the steps to deploy the AppLocker policy by changing the enforcement setting to **Audit only** or to **Enforce rules**.
|
||
|
||
## See also
|
||
|
||
- [AppLocker deployment guide](applocker-policies-deployment-guide.md)
|