AppLocker - How to re-run "Reduce the number of rules created by grouping similar files"?


  • When using GPMC to create an initial set of rules for an AppLocker policy, we are presented with an option to:

    Reduce the number of rules created by grouping similar files

    As the life of the policy evolves, new rules need to be added, though without manual review of every previous entry, how can we keep the rule count to a minimum by grouping "similar items"? Can this feature be run again and forced to consider rules added after the initial configuration? Is this grouping logic available through PowerShell or another API?

    NOTE: I am not talking about Set-AppLockerPolicy's -Merge parameter, which " will remove rules with duplicate rule IDs, and the enforcement setting specified by the AppLocker policy" but apparently not group similiar files into one rule?

    Mike Crowley | MVP
    My Blog -- Baseline Technologies

    Monday, October 19, 2015 9:10 PM


All replies