Location: Mail List

Ads

Skyscraper

The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy.  The Archives for this list can be found on this page.

 

List Posts

Forums >GPTalk >GPTalk Mailing List
Subject: [gptalk] AppLocker Strange Behaviour
Prev Next
You are not authorized to post a reply.

AuthorMessages
y2kUser is Offline

Posts:28

07/28/2009 10:50 PM  
Hi All

I decided it was about time I started looking a bit more at Win7, so
tonight I started looking at AppLocker. My "test environment"
consists of just a laptop with Win7 installed and up to date. But,
I've seen some strange behaviour which I can't explain

I created an exe rule to prevent .exe's from being run from
%OSDRIVE%\users\* and I then started the application identity service.
I decided there was no need for the default rules (I now know this
was a BIG mistake !!!!) as I was only blocking the above path. But,
then I could no longer run anything that wasn't already open !!

So, I restarted the machine so that the application identity service
could stop (it was set to manual startup) and I could run everything
again. So, I created the default rules this time so that I'd still be
able to run what I needed to. Once again, I started the application
identity service, but once again, I was unable to run ANYTHING.
Fortunately, I'd kept the services.msc window open, so I stopped the
application identity service ... but, even more surprising, the
applications were STILL being blocked.

Can anybody explain why it's blocking all applications instead of just
the ones contained in the above path. And why, after stopping the
application identity service, the apps were still blocked ?

I do also have a few general questions about AppLocker:

1. What wins over software restirction policies and AppLocker
policies ? If I have a software restiction path rule that blocks
%programfiles%\office\12\winword.exe and an applocker path rule that
allows %programfiles\office\12\winword.exe - which wins ?

2. With software restiction policies, I can specify which file
extensions the policies should apply to. Is there any way to do the
same thing for Script Rules

3. Does Windows Installer rules elevate permissions ? Or are they
just a way of specifying where msi's can be run from ? I'm pretty
sure it's the latter, but just wanted to double check !

Sorry, I know this seems like a very lazy post, but I can't seem to
find much documentation on this so far. Anything I have found just
explains how to configure rules etc but doesn't get into the nitty
gritty that I'm interested in

thanks in advance
M
You are not authorized to post a reply.
Forums >GPTalk >GPTalk Mailing List > [gptalk] AppLocker Strange Behaviour



ActiveForums 3.7

Members

MembershipMembership:
Latest New UserLatest:carmicklec
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:1399
People OnlinePeople Online:
VisitorsVisitors:0
MembersMembers:0
TotalTotal:0
Online NowOnline Now:

Ads

Banner Inv
Copyright 2009 by GPOGUY.COM
Terms Of Use