Hi, First I would like to say sorry in advance for my bad english. I want to use AppLocker from a Windows Server 2016 Preview 5. I've red a lot informations about this app and how to configure it but I still have a problem. The GPO with AppLocker configured on my Windows Server works only for this machine. Others computers logged in the same domain can execute every program. For example I've choose to deny every programs in C:\program files and it works well on my Windows Server. But my computer on Windows 10 pro, connected to the same network and in the domain that I've defined, seems to ignore AppLocker's rules What I've already done is : - Create a GPO in the domain where my computer runs Windows 10 - Configure AppLocker from this GPO with 2 rules : The first one allows every program in the folder C:\Windows to be executed for every one and the second is to deny every program in the folder C:\Program files to be executed. - I've enforced this rules. - I've configured the Application Identity service to start automatically. - Finally I've decided to test my policy with these 2 commands (on my Windows 10 Pro computer): PS C:\ Get-AppLockerPolicy –Effective –XML > C:\Effective.xml PS C:\ Get-ChildItem 'C:\Program Files' –filter *.exe –Recurse | Convert-Path | Test-AppLockerPolicy –XMLPolicy C:\Effective.xml –User AD2016\test | Export-CSV C:\BlockedFiles.csv The csv file created tell me that every .exe in the folder C:\Program Files are denied. However I can still execute every program in this folder like Internet explorer. My both computer (Windows Servers 2016 and Windows 10 pro) are virtualized, I don't know if it changes anything. Do you know how I could fix it ? Thank you