AppLocker - Windows 7 - <FilePathRule>
I have a specific question for the Microsoft people: if I create an AppLocker policy in the MMC, then export it as a .xml template file, I see that each XML file contains a property / node entry called <FilePathRule Id>, which might look as follows: <FilePathRule Id="30631ed7-4207-4d80-bb45-45d935d464df". My question is, what is this GUID, or whatever it is, mapped to? Is it based on domain names, file paths, file versions allowed, or what purpose does it fulfill? And if you know the answer to this one, how do we as an external company generate our own (valid) GUIDs so that we can generate generic XML files to be built by scripts? In order to write something I really need to know the criteria behind the structure... I tried putting in dummy values, but the PowerShell cmdlets did NOT accept the XML file as valid once I changed it... I would really like to get more info on this property, but I can't seem to find it in the beta documentation... any pointers?
br4tt3
November 2nd, 2009 11:46am

OK, if it was a hash I would say that it could be the hash algorithm for the specific application... but couldn't those numbers be the volume encrypted by BitLocker or EFS? Sorry if that was a dumb input, but in my modest knowledge I think it could be related to that. But of course you'll wait for the MSFT answerers' reply, though I personally think they might avoid answering that question, in order to prevent providing too much in-depth info about AppLocker which could lead to serious problems for MS users who are victims of hackers... anyways, my opinion!
regards,
RR
November 3rd, 2009 4:07am

Hi Br4tt3,
According to the Technical Documentation for Windows 7 and Windows Server 2008 R2, rule conditions are properties of files that AppLocker uses to enforce rules. Each AppLocker rule can use one primary rule condition. There are three rule conditions in AppLocker: publisher, path, and file hash.
Publisher: Can only be used for files that are digitally signed by a software publisher. This condition type uses the digital certificate (publisher name and product name) and properties of the file (file name and file version). This type of rule can be created for an entire product suite, which allows the rule in most cases to still be applicable when the application is updated.
Path: Based on the file or folder path of where specific applications are installed.
File hash: Based on the unique file hash that Windows cryptographically computes for each file. This condition type is unique, so each time that a publisher updates a file, you must create a new rule.
Hope it helps. Thanks.
November 3rd, 2009 6:52am

"...might avoid answering to that question, in order to prevent providing too much in depth info about applocker which could lead to serious problems for MS users victims of hackers..."
True of course, then again, I will need that info in order to solve my issue.
Scenario: running the cmdlet from PowerShell for adding an AppLocker policy to a machine is NOT working in an incremental way, e.g. one XML could be added for base OS security, another for adding access to application X and so on. If it worked this way, I could modularize everything, providing access to each application from AppLocker as those would be installed. However, as of today, whenever adding an XML file to the AppLocker engine, it overwrites the previous policy in place (hence non-incremental).
The solution would be to write our own script that would build the XML file for us in a generic way, which would not be that hard when looking into the XML structure, thereby providing access to each application and the base OS. The ONLY problem is the FilePathRule entry... because I can't really create a generic XML if I can't generate the hash in the background. Sure, there might be a security issue when doing this, but it is pretty far-fetched to guess that an attacker would scope in on the creation of hash tokens on AppLocker against a certain company.
In the documentation mentioned below: There is no info on how to generate the hashes (which I could find), so no luck in implementing AppLocker in our organization. Thanks for the help and pointers, people!
br4tt3
November 3rd, 2009 1:14pm
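
An added example, not part of the thread and not Microsoft's code: the Id on an AppLocker rule is an ordinary GUID that identifies the rule uniquely within the policy, not a value derived from the path, file or domain, so a script can mint one per rule with [guid]::NewGuid(). The function name, rule names, paths and output file name below are constructed sample values.

```powershell
# Builds an AppLocker policy document containing FilePathRule entries whose
# Id attributes are freshly generated GUIDs.
function New-AppLockerPathPolicyXml {
    param(
        [Parameter(Mandatory = $true)]
        [hashtable[]] $Rules,                      # each entry: @{ Name = ...; Path = ... }
        [string] $CollectionType  = 'Exe',
        [string] $EnforcementMode = 'AuditOnly',   # log only; switch to 'Enabled' after testing
        [string] $UserOrGroupSid  = 'S-1-1-0'      # well-known SID for Everyone
    )

    $doc    = New-Object System.Xml.XmlDocument
    $policy = $doc.AppendChild($doc.CreateElement('AppLockerPolicy'))
    $policy.SetAttribute('Version', '1')

    $collection = $policy.AppendChild($doc.CreateElement('RuleCollection'))
    $collection.SetAttribute('Type', $CollectionType)
    $collection.SetAttribute('EnforcementMode', $EnforcementMode)

    foreach ($r in $Rules) {
        $rule = $collection.AppendChild($doc.CreateElement('FilePathRule'))
        # The Id only needs to be a well-formed GUID that no other rule uses.
        $rule.SetAttribute('Id', [guid]::NewGuid().ToString())
        $rule.SetAttribute('Name', $r.Name)
        $rule.SetAttribute('Description', '')
        $rule.SetAttribute('UserOrGroupSid', $UserOrGroupSid)
        $rule.SetAttribute('Action', 'Allow')

        $conditions = $rule.AppendChild($doc.CreateElement('Conditions'))
        $condition  = $conditions.AppendChild($doc.CreateElement('FilePathCondition'))
        $condition.SetAttribute('Path', $r.Path)
    }
    return $doc.OuterXml
}

# Constructed sample input: two path rules for the Exe collection.
$xml = New-AppLockerPathPolicyXml -Rules @(
    @{ Name = 'Allow Program Files'; Path = '%PROGRAMFILES%\*' },
    @{ Name = 'Allow Windows folder'; Path = '%WINDIR%\*' }
)
Set-Content -Path .\generated-policy.xml -Value $xml -Encoding UTF8

# To add these rules to the local policy instead of replacing it, the
# Set-AppLockerPolicy cmdlet has a -Merge switch:
# Set-AppLockerPolicy -XmlPolicy .\generated-policy.xml -Merge
```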

This topic is archived. No further replies will be accepted.