AppLocker is a great new feature introduced in Windows 7 that allows IT admins to prevent certain applications (e.g. Chrome) from running in their corporate environment. However, there are a number of steps and prerequisites for this feature to work that seem to catch people out quite often. So below is a simple troubleshooting flow chart that should help you work through the common issues that come up when setting up an AppLocker rule in your environment.
Note: This workflow is a checklist for ensuring that your environment is configured correctly so that your AppLocker rules actually apply as they are configured.
Rule Tip: It’s also worth mentioning to NEVER configure just a single Deny rule without the “Default Rules” also configured. Once a rule collection contains any rule, everything not explicitly allowed is blocked, so a lone Deny rule will have the effect of blocking ALL programs and thus breaking your computer.
If you are looking for a more detailed step-by-step setup guide for AppLocker, then I would definitely recommend checking out my other blog post, How to configure AppLocker Group Policy in Windows 7 to block third-party browsers.
Do you have any other tips for troubleshooting AppLocker? Then post them below in the comments.
Alan, I’m happy with AppLocker, and have it running on a pilot OU. One aspect that seems a little awkward is getting notifications of software that is blocked and then, as an admin, being able to add a (publisher) rule for that software into the AppLocker GP.
It seems like the only way to do it is to (1) get a notification from the user, (2) obtain a copy of the .exe, (3) scan the exe in the AppLocker Rule Editor and (4) create a new rule.
Is there a better way? For example, a way to have all AppLocker Deny events forwarded to a central place, which would also contain details of the publisher so that new rules could be made more easily? It just seems a bit awkward at the moment.
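The central collection the comment above asks about can be scripted against the AppLocker event log, because each 8003/8004 event already carries the file's fully qualified binary name (publisher, product, binary name and version), which is exactly what a publisher rule needs. The following is an added example, not code from the original post or its commenters; the host names are placeholders, and remote queries assume the Remote Event Log Management firewall rule is enabled on the target hosts.

```powershell
# Added example: collect AppLocker audit/deny events from one or more hosts and
# break the Fqbn field into the parts a publisher rule is built from.
# Event 8003 = audit-only (would have been blocked), 8004 = enforced block.
function Get-AppLockerDenial {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),  # placeholder list, e.g. 'SERVER01'
        [int[]]$Id = @(8003, 8004),
        [int]$MaxEvents = 500
    )
    foreach ($computer in $ComputerName) {
        $filter = @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = $Id }
        # Get-WinEvent throws when no events match, so treat "none found" as empty.
        $events = Get-WinEvent -ComputerName $computer -FilterHashtable $filter `
                               -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            $data = ([xml]$e.ToXml()).Event.UserData.RuleAndFileData
            # Fqbn = "Publisher DN\Product\BinaryName\Version". The last three parts
            # never contain a backslash, so split from the right and rejoin the rest
            # as the publisher; unsigned files have no usable Fqbn.
            $parts = $data.Fqbn -split '\\'
            if ($parts.Count -ge 4) {
                $publisher = $parts[0..($parts.Count - 4)] -join '\'
                $product, $binary, $version = $parts[-3..-1]
            } else {
                $publisher = $data.Fqbn
                $product = $binary = $version = $null
            }
            [pscustomobject]@{
                Computer  = $computer
                Time      = $e.TimeCreated
                EventId   = $e.Id              # tells 8003 (audit) from 8004 (blocked)
                UserSid   = $data.TargetUser   # SID of the user who ran the file
                FilePath  = $data.FilePath
                Publisher = $publisher
                Product   = $product
                Binary    = $binary
                Version   = $version
            }
        }
    }
}

# Summarise hits by publisher/product, so one publisher rule can cover many events.
Get-AppLockerDenial -ComputerName 'SERVER01', 'SERVER02' |
    Group-Object Publisher, Product |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

For more than a handful of hosts, Windows Event Forwarding to a collector and running the same function against the collector's ForwardedEvents log scales better than polling each host.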
Got an event in the AppLocker event log, id 8000: “AppID policy conversion failed. Status: The requested operation was made in the context of a transaction that is no longer active.”
Users with weak accounts cannot log in, because %SYSTEM32%\USERINIT.EXE was prevented from running.
Any hint on how to repair AppLocker, please? The Application Identity service is running fine.
I wonder if this is a good site to post an AppLocker problem, just in case there’s a simple solution. We’re using it for the first time; we have no prior experience. It’s configured on 2000+ servers. We are only using “8003” event records to report violations. Example problem: we have a company policy to disallow Chrome from executing on servers regardless of whether it is installed. When it’s executed directly, the violation comes through correctly as an 8003 record. When it’s called from another program, or indirectly, it comes through as an 8002 record. Is there a simple XML configuration line we’re missing that will trap indirect and direct executions?