1

I created a test environment to learn active directory administration. I am using Windows Server 2016 as a Domain Controller and Windows 8.1 Pro as a domain computer. I created domain user User1.
Created a OU called TestOU and put domain user User1 in that OU.
I edited default domain policy and added new Applocker rule that deny putty to install on domain PC (Using File Hash). Here are the rules: https://image.ibb.co/cbSf8H/applocker.png

I login as a domain user on domain computer. Start the Application Identity Service and issue command gpupdate /force.
But i am still able to run putty installer on domain computer.
What I am missing? Can't we use applocker group policies on Windows 8.1/10 Pro applied by Windows Server 2016 or I need Windows 8.1/10 Enterprise edition for a domain computer or I am doing something wrong?

Danish
  • 13
  • 3

1 Answers1

1

AppLocker is available only for the "Enterprise" editions of Windows.

You need Windows 7 / 8.1 / 10 Enterprise to use AppLocker.

https://social.technet.microsoft.com/wiki/contents/articles/14374.windows-8-1-editions-skus-and-features.aspx

Adding to that, you shouldn't edit the Default Domain Policy to enforce AppLocker, you should create a separate GPO.

Swisstone
  • 6,357
  • 7
  • 21
  • 32