Answered by:
AppLocker on Server Core?

Question
-
I am keen to understanding whether AppLocker is supported on Windows Server 2012 Server Core. From the following article, it sounds like it should be possible:
Windows PowerShell can used to manage AppLocker on Server Core installations using the AppLocker cmdlets and, if administered within a GPO, the Group Policy cmdlets. For more information, see the AppLocker PowerShell Command Reference.
http://technet.microsoft.com/en-us/library/hh831440.aspx
Having tried to test this, it looks like switching to Server Core removes the Application Identity service, which I understand is required for enforcement of AppLocker rules.
My online searches failed to find a definitive answer.
Thanks
Tony <a href="http://www.activedir.org">www.activedir.org </a>blog:<a href="http://www.open-a-socket.com">www.open-a-socket.com</a>
Monday, October 14, 2013 7:40 PM
Answers
-
Hi Tony,
AppLocker isn't supported on 2012 Server Core edition. Please use normal 2012 with GUI to manage AppLocker.
Thanks, BrianPlease remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked as answer by Andy Qi Wednesday, November 6, 2013 9:39 AM
Tuesday, October 22, 2013 6:25 AM -
Hi Tony,
Please check it out below:
http://technet.microsoft.com/en-us/library/ee424382.aspxRegards, Brian
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked as answer by Andy Qi Wednesday, November 6, 2013 9:39 AM
Friday, November 1, 2013 11:12 AM
All replies
-
Hi ,
Thank you for posting your issue in the forum.
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Best Regards,
Andy Qi
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Wednesday, October 16, 2013 9:06 AM -
Hi Tony,
AppLocker isn't supported on 2012 Server Core edition. Please use normal 2012 with GUI to manage AppLocker.
Thanks, BrianPlease remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked as answer by Andy Qi Wednesday, November 6, 2013 9:39 AM
Tuesday, October 22, 2013 6:25 AM -
Thanks Brian
It would be useful if you could ask the documentation teams to update the on-line content to reflect this.
Tony <a href="http://www.activedir.org">www.activedir.org </a>blog:<a href="http://www.open-a-socket.com">www.open-a-socket.com</a>
Monday, October 28, 2013 7:06 PM -
Hi Tony,
Please check it out below:
http://technet.microsoft.com/en-us/library/ee424382.aspxRegards, Brian
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked as answer by Andy Qi Wednesday, November 6, 2013 9:39 AM
Friday, November 1, 2013 11:12 AM -
Please check it out below:
http://technet.microsoft.com/en-us/library/ee424382.aspxNowhere on that page does it say that Core mode isn't supported. In my testing too it seems Applocker rules are only enforced in Minimal and Full GUI modes (relies on AppIDSvc being present, which it isn't in Core mode).
Seems strange, I thought Core mode was meant to be the more secure approach?
Tuesday, December 10, 2013 1:31 AM