Wednesday, June 5, 2013

Applocker Findings

I was playing with Appclocker recently and below is some of my findings.

Have you ever configured the rules and policies but the features just doesn’t work for you? Many of the sites show you how to configure the rules and policy but didn’t explain that the Application Identity system service is one of the main component. The Application Identity service determines and verifies the identity of an application. Stopping this service will prevent AppLocker policies from being enforced. Therefore, START the Application Identity service!!!

Your Active Directory is Windows Server 2012 and your client workstation is Windows 7. You configured and enforced the rules and policies in the server but it doesn’t work on the Windows 7 workstation. Group Policy Management Console (GPMC) or Remote Server Administration Tools (RSAT) is needed in this situation. You wouldn’t face this issue if you are using “Windows Server 2008 R2 and the workstation is Windows 7” or “Windows Server 2012 and the workstation is Windows 8”.

No comments:

Post a Comment