none
Help with Applocker policy

    Question

  • Hi All,

    I'm want to setup a GPO that blocks the Teamviewer application from being started on our servers.

    I created a GPO and configured a Applocker exacutable rule based on Publisher as condition.
    Also I created the default rules that allows software to run from a few location on the local disk.

    I linked the GPO to a OU with a single server in it and a collegue reported he was unable to start an application which was installed on the D: drive.

    My only task is to block Teamviewer from running on our servers.
    I don't want to block anything else no matter which drive its starting from.

     Is it posible to configure a Applocker GPO like this?

    Thanks in advance for th help!

    lex

     

     

    Monday, September 5, 2016 6:25 AM

Answers

  • Hi lex,
    If you only want to block Teamviewer application, you could remove the rule about restriction of drive.
    Please refer to the following article regarding how to configure AppLocker Group Policy in Windows 7 to block a particular program step by step:
    http://www.grouppolicy.biz/2010/04/how-to-configure-applocker-group-policy-in-windows-7-to-block-third-party-browsers/
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best Regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 6, 2016 1:58 AM
    Moderator
  • Hi,
    If I understand correctly, what you want is to block Teamviewer application from your several servers, if so you could have a try to follow the reference website step by step and see if it works.
    In addition, default rules is used to ensure that you don’t accidently stop Windows from working.You could compare your default allow rule with the one in the website, for test, I would suggest you take an example from reference firstly.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 8, 2016 2:01 AM
    Moderator

All replies

  • Hi lex,
    If you only want to block Teamviewer application, you could remove the rule about restriction of drive.
    Please refer to the following article regarding how to configure AppLocker Group Policy in Windows 7 to block a particular program step by step:
    http://www.grouppolicy.biz/2010/04/how-to-configure-applocker-group-policy-in-windows-7-to-block-third-party-browsers/
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    Best Regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 6, 2016 1:58 AM
    Moderator
  • Thank you for your reply.

    What exactly do you mean with "you could remove the rule about restriction of drive".

    Like the example in the URL the Policy has 3 rules.

    2 allow rules that allows starting of programs i the windows and program files folder.
    1 deny rule that disallows Teamviewer

    Perhaps i'm misunderstanding this.
    If no allow rules are configured would this mean every program is allowed on all drives?

     

     

    Tuesday, September 6, 2016 9:17 AM
  • Hi,
    If I understand correctly, what you want is to block Teamviewer application from your several servers, if so you could have a try to follow the reference website step by step and see if it works.
    In addition, default rules is used to ensure that you don’t accidently stop Windows from working.You could compare your default allow rule with the one in the website, for test, I would suggest you take an example from reference firstly.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, September 8, 2016 2:01 AM
    Moderator