Take a look at:
https://free.blessedness.top/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/delete-an-applocker-rule
You may configure the XML to remove the policy (or set it as Not Configured) for the one you are looking for.
Remove specific AppLocker rule by name with PowerShell
Hello,
I am trying to remove the Default AppLocker rules from Local with PowerShell.
When support teams create an AppLocker rule locally, they select Yes for adding Default Rules.
Is there any way to delete these policy rules with PowerShell? I only want to delete these rules, not clear all AppLocker rules.
In the AppLocker XML file they are shown as below.
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
  <Conditions>
    <FilePathCondition Path="%PROGRAMFILES%\*" />
  </Conditions>
</FilePathRule>
<FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
  <Conditions>
    <FilePathCondition Path="%WINDIR%\*" />
  </Conditions>
</FilePathRule>
<FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
Reza-Ameri 45,586 Reputation points Volunteer Moderator
2021-05-10T14:46:40.55+00:00
Furkan Aykut 1 Reputation point
2021-05-10T15:31:36.293+00:00
Thank you for the quick answer, Reza. I have already read the documents. But I have more than 10000+ clients in my domain and some of them have local AppLocker rules. These AppLocker rules must stay. I just want to delete the ones that come from the default rules when making a new AppLocker rule.
I couldn't filter these default AppLocker rules. If I don't have a choice, I will try to compare the XML files which are on my clients' computers and which have these default rules. But I don't think it is best practice.
To help you understand me better, I am sharing an example of the local default policies.
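
One way to do what the thread asks, as an added example that is not part of any post above: export the local policy as XML, remove only the rule elements whose Name starts with "(Default Rule)", and write the result back so every other local rule is kept. It assumes the default rules still carry that name prefix as in the XML shown in the question; `$BackupPath` and `$NewPath` are hypothetical file locations.

```powershell
# Added example: remove only rules named "(Default Rule) ..." from the local AppLocker policy.
# Run from an elevated session. Both paths below are hypothetical locations.
$BackupPath = Join-Path $env:TEMP 'applocker-local-backup.xml'
$NewPath    = Join-Path $env:TEMP 'applocker-local-nodefaults.xml'

# Export the local policy as XML and keep an untouched copy for rollback.
[xml]$policy = Get-AppLockerPolicy -Local -Xml
$policy.Save($BackupPath)

# Match any rule type (FilePathRule, FilePublisherRule, FileHashRule) in any collection
# whose Name attribute begins with the prefix used by the built-in default rules.
$xpath    = "//RuleCollection/*[starts-with(@Name, '(Default Rule)')]"
$defaults = @($policy.SelectNodes($xpath))

foreach ($rule in $defaults) {
    $collection = $rule.ParentNode.GetAttribute('Type')
    Write-Output ("Removing [{0}] {1} ({2})" -f $collection,
        $rule.GetAttribute('Name'), $rule.GetAttribute('Id'))
    [void]$rule.ParentNode.RemoveChild($rule)
}

if ($defaults.Count -gt 0) {
    $policy.Save($NewPath)
    # Without -Merge, Set-AppLockerPolicy replaces the local policy with the file
    # contents, so the non-default rules stay exactly as they were exported.
    Set-AppLockerPolicy -XmlPolicy $NewPath
} else {
    Write-Output 'No default rules found; local policy left unchanged.'
}
```

Before applying this to a collection in Enforce mode, confirm the remaining rules still allow the Windows and Program Files binaries the clients need, because an enforced collection blocks anything no rule allows. Rollback is `Set-AppLockerPolicy -XmlPolicy $BackupPath`.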