deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-11 20:17:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md
Alekhya Jupudi 92e26e71d4 Defender App Guard Link text correction-04 
Change to Learn more about the Windows Defender Application Control feature availability
2021-09-30 11:48:46 +05:30

2.1 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, ms.author, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.localizationpriority, author, manager, audience, ms.collection, ms.topic, ms.date, ms.technology
title description ms.assetid ms.reviewer ms.author ms.prod ms.mktglfcycl ms.sitesec ms.pagetype ms.localizationpriority author manager audience ms.collection ms.topic ms.date ms.technology
Windows Installer rules in AppLocker (Windows) This topic describes the file formats and available default rules for the Windows Installer rule collection. 3fecde5b-88b3-4040-81fa-a2d36d052ec9 macapara m365-security deploy library security medium mjcaparas dansimp ITPro M365-security-compliance conceptual 09/21/2017 mde

Windows Installer rules in AppLocker

Applies to

  • Windows 10
  • Windows 11
  • Windows Server 2016 and above

Note

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Windows Defender Application Control feature availability.

This topic describes the file formats and available default rules for the Windows Installer rule collection.

AppLocker defines Windows Installer rules to include only the following file formats:

  • .msi
  • .msp
  • .mst

The purpose of this collection is to allow you to control the installation of files on client computers and servers through Group Policy or the Local Security Policy snap-in. The following table lists the default rules that are available for the Windows Installer rule collection.

Purpose Name User Rule condition type
Allow members of the local Administrators group to run all Windows Installer files (Default Rule) All Windows Installer files BUILTIN\Administrators Path: *
Allow all users to run Windows Installer files that are digitally signed (Default Rule) All digitally signed Windows Installer files Everyone Publisher: * (all signed files)
Allow all users to run Windows Installer files that are located in the Windows Installer folder (Default Rule) All Windows Installer files in %systemdrive%\Windows\Installer Everyone Path: %windir%\Installer*

Related topics