AppLocker not applying rules for user

Discussion in 'other software & services' started by Seagoon, Oct 19, 2011.

Thread Status:
Not open for further replies.
  1. Seagoon

    Seagoon, Registered Member (joined Oct 19, 2011; posts: 2)

    Long time reader, first time poster ;)

    I have an issue with AppLocker and Windows 7 Enterprise; it has me pulling what's left of my hair out, and I'm hoping someone here can shed some light on this issue for me.

    My aim is to use AppLocker with Windows 7 Enterprise using the default ruleset. This seems to work relatively well, but I have come across a problem that means I cannot apply exceptions or new rules for a user.

    For example, I add a new path rule that lets 'Everyone' run an application on the C:\ called allowed.exe. I create the new rule, allow some time for replication, then execute a gpupdate /force on the test computer. The expected result is that I can run the application as any user - the actual result is that I get a message about how it is blocked.

    I can verify using the Group Policy Results Wizard on our Domain Controller that the policy is being applied to the User / PC. Likewise, I can use the PowerShell AppLocker modules to verify the policy has updated as the user. The problem is it just doesn't seem to apply the rules. I'm guessing it is some sort of problem with the Application Identity service and the way it processes rules as the user - but I am at a loss on how to troubleshoot this further. Repadmin and DCdiag report no issues, and the event logs for AppLocker don't appear to have any useful information as to what is going on.

    I have been posting in the TechNet forums about this issue, which may provide you with more information.

    http://social.technet.microsoft.com...P/thread/5fd37848-b0f8-48e0-969f-ff5c250bf72e

    If someone could shed some light on this issue, I'd really appreciate it.
     
  2. wat0114

    wat0114 Guest

    @Seagoon,

    I'd really like to help, but I've no experience applying AppLocker over a network from a domain controller. All I would ask is you don't by chance have an enforced policy in place that might be interfering with the AppLocker one?
     
  3. Seagoon

    Hi wat0114

    At the moment there is only one AppLocker policy being applied, and it is in its own GPO. I'll double check to confirm this - although if I query AppLocker via PowerShell, it appears as if the rules are configured to do what they should. They just don't apply to my standard user.

    o_O
     
  4. wat0114

    wat0114 Guest

    There is an MS site with AppLocker FAQs that may help shed light on the problem here:

    -http://technet.microsoft.com/en-us/library/ee619725(WS.10).aspx#BKMK_UsersOrGroups

    There's even a caution:

    I'm not sure that's the issue, only a possibility maybe?? This is way over my head, as I only deploy AppLocker on my home PC, but hopefully there's something in that site that will help. Good luck!

    *EDIT*

    Just saw this FAQ:

    Maybe it has to be more specific than the "Everyone" group? Just hazarding a guess. What happens if you try applying to "Users" group? When you log into one of the clients, can you verify all AppLocker configuration settings are correct? I gather none of the changes you make in the GPO appear in the client machines as you'd expect?
     
    Last edited by a moderator: Oct 20, 2011
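
The checks discussed in this thread (effective policy, the Application Identity service, the rule decision for a specific user, and the AppLocker event log) can be run together on the affected client. This is an added example, not code posted by any participant; `C:\allowed.exe` is the file named in the first post and `EXAMPLE\standarduser` is a placeholder account name.

```powershell
# Added example, not from the thread. Run on the affected Windows 7 client.
param(
    [string]$ExePath  = 'C:\allowed.exe',        # file named in the first post
    [string]$TestUser = 'EXAMPLE\standarduser'   # placeholder: the affected account
)

Import-Module AppLocker   # needed on PowerShell 2.0 (the Windows 7 default)

# 1. AppLocker rules are only evaluated while the Application Identity
#    service (AppIDSvc) is running; confirm its state and start mode.
Get-WmiObject Win32_Service -Filter "Name='AppIDSvc'" |
    Select-Object Name, State, StartMode

# 2. Read the effective policy (local policy merged with all applied GPOs)
#    and show the enforcement mode of each rule collection. A collection set
#    to AuditOnly logs but does not block; Enabled enforces the rules.
$policy = Get-AppLockerPolicy -Effective
foreach ($rc in $policy.RuleCollections) {
    '{0,-10} {1,-14} rules={2}' -f $rc.RuleCollectionType, $rc.EnforcementMode, $rc.Count
}

# 3. Ask AppLocker how it would decide for this file and this user.
#    PolicyDecision is Allowed, Denied or DeniedByDefault; MatchingRule names
#    the rule that produced the decision (empty when nothing matched).
$policy | Test-AppLockerPolicy -Path $ExePath -User $TestUser |
    Format-List FilePath, PolicyDecision, MatchingRule

# 4. Pull recent EXE/DLL events that mention the file.
#    8002 = allowed, 8003 = would be blocked (audit only), 8004 = blocked.
$leaf = Split-Path $ExePath -Leaf
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 50 |
    Where-Object { $_.Message -like "*$leaf*" } |
    Format-List TimeCreated, Id, Message
```

If step 3 reports `Allowed` while step 4 shows event 8004 for the same file, the policy the client is enforcing differs from the one being queried.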