none
AppLocker not working like I think it should

    Question

  • Howdy all,

    I am trying to prevent the students in my college from running a downloadable exe that prevents the computer from going into a screen saver state.  I have configured AppLocker to look for the file hash and prevent it from running, but my tests are all failing.  I have enabled the one rule and the group policy, but it's still not working.

    My clients are Win7 Ent and my servers are 2012 r2.  I'm new to using AppLocker, so any and all help is appreciated.


    Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, February 11, 2016 9:35 PM

Answers

  • Hello,

    You may first run Gpresult on the client to check whether the policy settings are listed under applied policy. If not, you may run gpupdate /force to force apply it.

    Make sure you have configured the Application Identity service to start automatically.

    Please follow the articles below to troubleshoot Applocker policy issue:

    Testing and Updating an AppLocker Policy

    https://technet.microsoft.com/en-us/library/ee791793(v=ws.10).aspx

    How to Troubleshoot AppLocker

    http://www.grouppolicy.biz/2013/04/how-to-troubleshoot-applocker/

    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Obujuwami Friday, February 19, 2016 5:55 PM
    Friday, February 12, 2016 2:59 AM
    Moderator

All replies

  • Hello,

    You may first run Gpresult on the client to check whether the policy settings are listed under applied policy. If not, you may run gpupdate /force to force apply it.

    Make sure you have configured the Application Identity service to start automatically.

    Please follow the articles below to troubleshoot Applocker policy issue:

    Testing and Updating an AppLocker Policy

    https://technet.microsoft.com/en-us/library/ee791793(v=ws.10).aspx

    How to Troubleshoot AppLocker

    http://www.grouppolicy.biz/2013/04/how-to-troubleshoot-applocker/

    Regards,

    Yan Li


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Obujuwami Friday, February 19, 2016 5:55 PM
    Friday, February 12, 2016 2:59 AM
    Moderator
  • Hi Obujuwami

    On the client machines I recommend you check the local AppLocker event logs here to gather diagnostics:

    Event Log Path: Applications and Services Logs/Microsoft/Windows/AppLocker

    And like Yan Li suggested, please ensure the AppLocker GPO is applying to the client machines.

    If you are still having issues after all this, please try configuring your AppLocker rule to use another method other than file hash.

    Hope this helps

    Jesse

    Friday, February 12, 2016 4:57 AM
  • Thanks for the help Yan!  I got it up and running the way it should be, though a few other programs are also being blocked, but I can get around that.  Thanks!


    Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Friday, February 19, 2016 6:07 PM