AppLocker block unsigned EXEs

    Question

  • Hello. I've got AppLocker set up and mostly working on my lab. Before we start a test group, I was curious to know: is there a way to block all unsigned executables using AppLocker? I found this article http://technet.microsoft.com/en-us/library/dd723683(v=WS.10).aspx. There are some errors that were found in these instructions. Anyone get this to work in their environment? Thanks for any help.
    Monday, January 5, 2015 11:28 PM

Answers

  • I forgot to remove the allow-all rule for built-in admins. Now working. Sorry for the delay.
    • Marked as answer by Nall White Thursday, January 15, 2015 11:11 PM
    • Edited by Nall White Thursday, January 15, 2015 11:11 PM
    Thursday, January 15, 2015 11:11 PM
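
The fix in the answer above can be checked mechanically: AppLocker path rules match on file location, not on signature, so any Allow path rule left in the Exe collection lets unsigned files run for the users it applies to. The following is an added example, not code from the thread or from Microsoft's article; the function name `Get-ExePathAllowRule`, the sample policy and its GUIDs are constructed for illustration.

```powershell
# Constructed sample policy: a publisher rule that allows any signed file for
# Everyone (S-1-1-0), plus a leftover allow-all path rule for
# BUILTIN\Administrators (S-1-5-32-544). GUIDs are made up.
# To audit a real machine instead:  [xml]$p = Get-AppLockerPolicy -Effective -Xml
[xml]$samplePolicy = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePublisherRule Id="11111111-1111-1111-1111-111111111111" Name="All signed files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="All files" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@

# Hypothetical helper: list every Allow path rule in the Exe rule collection.
function Get-ExePathAllowRule {
    param([Parameter(Mandatory)][xml]$Policy)
    $xpath = "/AppLockerPolicy/RuleCollection[@Type='Exe']/FilePathRule[@Action='Allow']"
    foreach ($rule in $Policy.SelectNodes($xpath)) {
        foreach ($cond in $rule.SelectNodes('Conditions/FilePathCondition')) {
            $path = $cond.GetAttribute('Path')
            [pscustomobject]@{
                Rule        = $rule.GetAttribute('Name')
                Sid         = $rule.GetAttribute('UserOrGroupSid')
                Path        = $path
                AllowsAll   = ($path -eq '*')   # "*" = every file, signed or not
                Enforcement = $rule.ParentNode.GetAttribute('EnforcementMode')
            }
        }
    }
}

# An empty result means no path rule is letting unsigned EXEs through.
Get-ExePathAllowRule -Policy $samplePolicy | Format-Table -AutoSize
```

On the sample policy this reports the single "All files" rule for S-1-5-32-544 with AllowsAll set to True; rule exceptions are not evaluated by this check.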

All replies

  • Are you pointing to the Caution?

    It's saying all the applications you are going to block / allow must be digitally signed.

    Tuesday, January 6, 2015 6:08 AM
  • Hi Nall,

    >>I was curious to know is there a way to block all unsigned executables using AppLocker?

    How is it going? To do this, we should follow the steps described in the article you provided. For AppLocker rule behavior, if no AppLocker rules for a specific rule collection exist, all files with that file format are allowed to run. However, when an AppLocker rule for a specific rule collection is created, only the files explicitly allowed in a rule are permitted to run.

    Regarding AppLocker rules, the following article can be referred to for more information.

    Understanding AppLocker Rules

    http://technet.microsoft.com/en-us/library/dd759068.aspx

    TechNet Subscriber Support
    If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

    Best regards,
    Frank Shen

    Thursday, January 8, 2015 2:52 PM
    Moderator
  • I tried this today and it didn't work. I'll try again tomorrow. Thanks.
    Friday, January 9, 2015 3:08 AM
  • Hi Nall,

    It's been a while. How is it going? If it still doesn't work, please don't hesitate to let us know and we may try to figure it out together.

    Best regards,
    Frank Shen

    Thursday, January 15, 2015 6:31 AM
    Moderator