Patch KB5018482 activates AppLocker even in the Windows Pro edition

Joojip 1 Reputation point
2022-11-13T15:51:57.58+00:00

I found out that AppLocker is suddenly active on the PC where this patch was installed and is loading changes from the GPO.
I thought it was just a matter of the Enterprise edition and servers; at least it was like that until this patch. I even tried it on my home PC and AppLocker works after the patch. Is this a bug or will it be enabled for the Pro edition? It looks like it doesn't check the SKU. Can anyone else confirm this?

Addition

We have an environment with Windows Enterprise and Pro, and they share part of the GPO. I have now correlated events from over 50 PCs with Pro, and before this update the event log was showing unable to apply to this SKU. After the application, it started and started restricting according to the policy. This can now be run even on a PC without a domain: just start the AppIDSvc service and set the rules in the local policy, and AppLocker will start working just like in Enterprise. This did not work before this update.


2 answers

  1. hracher 1 Reputation point
    2022-11-16T09:28:51.803+00:00

    Hi, I can confirm that AppLocker can be activated after installation of KB5018482 on Pro and even on Home editions of Windows.

    Is this a bug that will be repaired or are there new AppLocker activation policies? This is unpleasant since we are keeping our systems up-to-date in our company by installing the latest updates, and AppLocker started blocking critical apps on all workstations and we must keep editing the GPO.

    Someone from Microsoft should comment on this!


  2. Jordan Geurten 0 Reputation points Microsoft Employee
    2023-02-23T00:17:02.65+00:00

    Hi @hracher and @Joojip ,

    I apologize for the inconvenience. The new behavior is by-design as part of KB 5024351. This update completely removes the SKU/edition requirement for AppLocker policies. This change impacts Windows 10 versions 2004, 20H1, 21H1, Windows 11 21H1 and 22H2.

    After the change, AppLocker policies will be enforced on Windows 10 version 2004+ irrespective of the deployment mechanism and irrespective of the system SKU. That is why you are seeing AppLocker policies enforced on Pro and Home SKUs.

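Added example, not part of the thread and not Microsoft's code: a read-only PowerShell check an administrator could run on a Pro or Home machine to see whether the behavior discussed above applies to it, by reporting the edition, the AppIDSvc state, which AppLocker rule collections are effectively enforced, and recent block events. The 7-day window and the output property names are assumptions chosen for illustration.

```powershell
# Added example (read-only). Run from an elevated PowerShell session.
$os  = Get-CimInstance -ClassName Win32_OperatingSystem
$svc = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue

# Effective policy = local policy merged with anything delivered by GPO.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml

$collections = foreach ($rc in $policy.AppLockerPolicy.RuleCollection) {
    $ruleCount = $rc.SelectNodes('*').Count
    [pscustomobject]@{
        Collection = $rc.Type
        Mode       = $rc.EnforcementMode
        Rules      = $ruleCount
        # A collection left at NotConfigured is still enforced once it holds rules.
        Enforced   = ($ruleCount -gt 0) -and ($rc.EnforcementMode -ne 'AuditOnly')
    }
}

# 8004 = file was blocked; 8003 = audit mode, file would have been blocked.
$since = (Get-Date).AddDays(-7)   # assumed look-back window
$hits  = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id        = 8003, 8004
    StartTime = $since
} -ErrorAction SilentlyContinue

[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    Edition       = $os.Caption
    Build         = $os.BuildNumber
    AppIDSvc      = if ($svc) { [string]$svc.Status } else { 'NotFound' }
    EnforcedSets  = ($collections | Where-Object Enforced).Collection -join ', '
    AuditOnlySets = ($collections | Where-Object Mode -eq 'AuditOnly').Collection -join ', '
    Blocked7d     = @($hits | Where-Object Id -eq 8004).Count
    WouldBlock7d  = @($hits | Where-Object Id -eq 8003).Count
}
```

A non-empty `EnforcedSets` together with a running `AppIDSvc` on a Pro or Home edition means the shared GPO is now restricting that machine; collections set to `AuditOnly` log 8003 events instead of blocking.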