{
	"id": "f68229b9-99f6-46ef-8559-a7771a6bad3a",
	"created_at": "2026-04-06T00:10:54.367329Z",
	"updated_at": "2026-04-10T03:21:42.510446Z",
	"deleted_at": null,
	"sha1_hash": "4d770dbbc7a9cdef99b192c66fff851c381ee3e6",
	"title": "Using Software Restriction Policies and AppLocker Policies",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43847,
	"plain_text": "Using Software Restriction Policies and AppLocker Policies\r\nBy Archiveddocs\r\nArchived: 2026-04-05 18:01:53 UTC\r\nApplies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server\r\n2012, Windows 8\r\nThis topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker\r\npolicies in the same Windows deployment.\r\nUnderstand the difference between SRP and AppLocker\r\nYou might want to deploy application control policies in Windows operating systems earlier than Windows\r\nServer 2008 R2 or Windows 7. You can use AppLocker policies only on the supported versions and editions of\r\nWindows as listed in Requirements to Use AppLocker. However, you can use SRP on those supported editions of\r\nWindows plus Windows Server 2003 and Windows XP. To compare features and functions in SRP and AppLocker\r\nso that you can determine when to use each technology to meet your application control objectives, see Determine\r\nYour Application Control Objectives.\r\nUse SRP and AppLocker in the same domain\r\nSRP and AppLocker use Group Policy for domain management. However, when policies are generated by SRP\r\nand AppLocker exist in the same domain, and they are applied through Group Policy, AppLocker policies take\r\nprecedence over policies generated by SRP on computers that are running an operating system that supports\r\nAppLocker. For information about how inheritance in Group Policy applies to AppLocker policies and policies\r\ngenerated by SRP, see Understand AppLocker Rules and Enforcement Setting Inheritance in Group Policy.\r\nImportant\r\nAs a best practice, use separate Group Policy Objects to implement your SRP and AppLocker policies. To reduce\r\ntroubleshooting issues, do not combine them in the same GPO.\r\nThe following scenario provides an example of how each type of policy would affect a bank teller software\r\napplication, where the application is deployed on different Windows desktop operating systems and managed by\r\nthe Tellers GPO.\r\nhttps://technet.microsoft.com/en-us/library/ee791851.aspx\r\nPage 1 of 3\n\nOperating\r\nsystem\r\nTellers GPO with\r\nAppLocker policy\r\nTellers GPO with SRP\r\nTellers GPO with\r\nAppLocker policy and SRP\r\nWindows 8.1,\r\nWindows 8,and\r\nWindows 7\r\nAppLocker policies\r\nin the GPO are\r\napplied, and they\r\nsupersede any local\r\nAppLocker policies.\r\nLocal AppLocker policies\r\nsupersede policies generated\r\nby SRP that are applied\r\nthrough the GPO.\r\nAppLocker policies in the\r\nGPO are applied, and they\r\nsupersede the policies\r\ngenerated by SRP in the\r\nGPO and local AppLocker\r\npolicies or policies generated\r\nby SRP.\r\nWindows Vista\r\nAppLocker policies\r\nare not applied.\r\nPolicies generated by SRP in\r\nthe GPO are applied, and they\r\nsupersede local policies\r\ngenerated by SRP.AppLocker\r\npolicies are not applied.\r\nPolicies generated by SRP in\r\nthe GPO are applied, and\r\nthey supersede local policies\r\ngenerated by SRP.\r\nAppLocker policies not\r\napplied.\r\nWindows XP\r\nAppLocker policies\r\nare not applied.\r\nPolicies generated by SRP in\r\nthe GPO are applied, and they\r\nsupersede local policies\r\ngenerated by SRP. AppLocker\r\npolicies are not applied.\r\nPolicies generated by SRP in\r\nthe GPO are applied, and\r\nthey supersede local policies\r\ngenerated by SRP.\r\nAppLocker policies not\r\napplied.\r\nTest and validate SRPs and AppLocker policies that are deployed in the same\r\nenvironment\r\nBecause SRPs and AppLocker policies function differently, they should not be implemented in the same GPO.\r\nThis makes testing the result of the policy straightforward, which is critical to successfully controlling application\r\nusage in the organization. Configuring a testing and policy distribution system can help you understand the result\r\nof a policy. The effects of policies generated by SRP and AppLocker policies need to be tested separately and by\r\nusing different tools.\r\nStep 1: Test the effect of SRPs\r\nYou can use the Group Policy Management Console (GPMC) or the Resultant Set of Policy (RSoP) snap-in to\r\ndetermine the effect of applying SRPs by using GPOs. For information about using the GPMC, see Group Policy\r\nhttps://technet.microsoft.com/en-us/library/ee791851.aspx\r\nPage 2 of 3\n\nManagement Overview [w8]. For information about using RSoP, see Resultant Set of Policy Overview [w8].\r\nStep 2: Test the effect of AppLocker policies\r\nYou can test AppLocker policies by using Windows PowerShell cmdlets. For information about investigating the\r\nresult of a policy, see:\r\nTest an AppLocker Policy by Using Test-AppLockerPolicy\r\nMonitor Application Usage with AppLocker\r\nAnother method to use when determining the result of a policy is to set the enforcement mode to Audit only.\r\nWhen the policy is deployed, events will be written to the AppLocker logs as if the policy was enforced. For\r\ninformation about using the Audit only mode, see:\r\nUnderstand AppLocker Enforcement Settings\r\nConfigure an AppLocker Policy for Audit Only\r\nSee also\r\nAppLocker Policies Deployment Guide\r\nSource: https://technet.microsoft.com/en-us/library/ee791851.aspx\r\nhttps://technet.microsoft.com/en-us/library/ee791851.aspx\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://technet.microsoft.com/en-us/library/ee791851.aspx"
	],
	"report_names": [
		"ee791851.aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775434254,
	"ts_updated_at": 1775791302,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4d770dbbc7a9cdef99b192c66fff851c381ee3e6.pdf",
		"text": "https://archive.orkl.eu/4d770dbbc7a9cdef99b192c66fff851c381ee3e6.txt",
		"img": "https://archive.orkl.eu/4d770dbbc7a9cdef99b192c66fff851c381ee3e6.jpg"
	}
}