Questions tagged [applocker]

20 questions
11 votes, 2 answers

Everything says AppLocker is supposed to work: Why doesn't it?

I've set up a basic group policy consisting of the default AppLocker rules. Per Microsoft's TechNet article on the subject, any files not explicitly allowed to run by the policy are supposed to be blocked from running. After deploying this policy and…
MDMoore313
3 votes, 1 answer

How to disable run via search on Windows 10?

We are trying to prevent our users from running various commands that we don't specifically approve. We have implemented AppLocker, but that doesn't prevent the user from running commands beginning with rundll32.exe or regsvr32.exe. In previous…
curwin
3 votes, 1 answer

Change an Applications and Services Logs log path using GPO

I am wanting to change the AppLocker Log path by a GPO. The specific log is found at Event Viewer \ Applications and Services Logs \ Microsoft \ Windows \ AppLocker \ EXE and DLL. I know you can change Application, Security, Setup, and System by…
Matthew Halliday
2 votes, 1 answer

Can I block a file execution with AppLocker?

We currently use a combination of a regular and an "advanced/fancy" endpoint malware protection. In the advanced malware app, I can feed a SHA256 hash of an executable into the advanced platform and it will block execution of the given…
mbrownnyc
2 votes, 1 answer

Least-Privilege BUILTIN\Administrator Failure Configuring Application Control Policies with AppLocker

I asked this question over at SuperUser to no avail a while ago, before realizing that Server Fault may be a better option. I'm configuring execution control on a computer running Windows 7 SP1 Ultimate with one hard drive with a single partition.…
1 vote, 0 answers

Block regsvr32 using AppLocker only for normal users

I am trying to block the execution of regsvr32 by normal domain users. I have the default rule which allows everyone to execute all files located in the Windows folder. Now I would like to deny the execution of regsvr32 to anybody who is not local…
YaKs
1 vote, 1 answer

AppLocker policy applied using DC GPO not working

I created a test environment to learn Active Directory administration. I am using Windows Server 2016 as a Domain Controller and Windows 8.1 Pro as a domain computer. I created domain user User1. Created an OU called TestOU and put domain user User1…
1 vote, 1 answer

Configuring AppLocker to try and prevent ransomware (through email); overkill?

I'm toying around with Group Policy (self-teaching) and have stumbled across AppLocker, which I can certainly see the benefits of for certain situations; however, in every company I've worked for users will NEVER use a specific set of programs,…
Tomsta
1 vote, 2 answers

Windows 10 AppLocker AppID issue

I'm trying to enable AppLocker on Windows 10 Enterprise. I have AppID and AppIDSVC enabled and set to automatic start, and everything looks good. However, when I start inserting policy rules into AppLocker (specifically, .dll rules), I get the…
ztnd13
1 vote, 0 answers

Forwarded events not showing file path on event collector

I've set up one of the servers in our domain to be an event collector for AppLocker events from the client computers. I've then (via a GPO) configured two clients to forward their events to the event collector. This works just fine, I'm receiving…
krsi
1 vote, 1 answer

Windows 7 Unchangeable AppLocker Rules

I have a Windows 7 image that appears to be using an AppLocker ruleset that I'm unable to modify or disable. Performing the following appears to have no effect on this enforced AppLocker mystery ruleset: Disabling the AppIdSvc restarting the…
James Santiago
1 vote, 1 answer

AppLocker is not enforcing rules that have been defined

We have a Windows Server 2019 operating system image with a set of local AppLocker rules defined for the server itself. We are observing that AppLocker is not enforcing any of the rules when we open applications on the server. We have…
Pirate Adam
1 vote, 1 answer

Dynamic Windows 10 AppLocker rules for user groups not working

I'm trying to make dynamic app blocking rules with AppLocker. The setup is that I have predefined AppLocker rules (for example, Allow windows user group 'Chrome' access 'chrome.exe' (not actual group name or actual path)) and then assigned users to…
Edgar.A
0 votes, 1 answer

Windows Server 2016 AppLocker blocking Universal Apps

We run AppLocker on our RDS servers. We keep the default rule list, add Allow rules for custom applications, and a single block rule. The block rule blocks explorer.exe for most users, preventing them from gaining a full Remote Desktop shell, but…
ltwally
0 votes, 1 answer

Enable AppLocker via Local Group Policy

I'm trying to enable AppLocker for a standalone unmanaged SOE. I've enabled the Application Identity Service, created default executable rules, and set Executable Rules to "Enforce Rules" with "Configured" ticked. I've restarted several times,…