How to block lower version app to run via AppLocker?

Anonymous
2024-10-21T01:40:51+00:00

Hi,

We want to block users from running some lower-version apps. I found that we can reach that goal via AppLocker, but in my testing (I tested Zoom and Outlook) it looks like AppLocker does not work. May I know if there is a limitation in the AppLocker setup?

***Moved from Windows11/performance and system***




17 answers

  1. Anonymous
    2024-10-21T09:25:24+00:00

    Hello Gary Chen2,

    Thank you for posting in Microsoft Community forum.

    AppLocker is a powerful tool for controlling which applications users can run on a Windows system, but its effectiveness depends on proper configuration. There are several potential reasons why AppLocker might not be working as expected in your tests. Here are some common areas to check:

    1. Rule Configuration:

    Ensure that you have properly configured the rules in AppLocker. AppLocker rules can be based on file paths, publishers, or file hashes. Incorrectly configured rules may not block the intended applications.

    2. Enforcement:

    Make sure that AppLocker is set to enforce rules and not just audit them. You can check this in the AppLocker properties under the Enforcement tab.

    3. Rule Priority:

    AppLocker rules are processed in a specific order, and more specific rules take precedence over general ones. Check for any conflicting rules that might allow the applications to run.

    4. Service Status:

    AppLocker relies on the Application Identity service. Ensure that this service is running. You can start it manually via services.msc and set it to start automatically.

    5. Policy Refresh:

    After creating or modifying AppLocker rules, make sure to refresh the policy. You can do this by running gpupdate /force in a command prompt.

    6. Scope:

    Verify that the rules are applied to the correct user or group. Policies applied to specific users or groups may not affect others.

    7. Event Viewer:

    Review the event logs for AppLocker under Application and Services Logs -> Microsoft -> Windows -> AppLocker. Look for any warnings or errors that might provide hints on why the rules are not being enforced.

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Daisy Zhou

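    The checklist above, collected into one script. This is an added example, not code from the thread or from Microsoft; it only uses the built-in AppLocker cmdlets, sc.exe and the AppLocker event log. The path of the binary under test and the user SID are placeholders you replace. Run it in an elevated PowerShell on the test client.

```powershell
# Added example (not from the original thread): check service, enforcement mode,
# rule scope and recent AppLocker decisions on a test client, then dry-run one file.
# Assumptions (placeholders, not from the thread): $TestExe path and $TestUser SID.
param(
    [string]$TestExe  = 'C:\Program Files\Zoom\bin\Zoom.exe',  # the binary you expect to be blocked
    [string]$TestUser = 'S-1-1-0'                                # Everyone; or DOMAIN\user of a standard test account
)

# 1. Application Identity service: while it is stopped no AppLocker rule is evaluated.
#    On current Windows builds it is a protected service, so Set-Service -StartupType
#    is refused; sc.exe (or Group Policy) is the supported way to make it Automatic.
$svc = Get-Service -Name AppIDSvc
"AppIDSvc: Status=$($svc.Status) StartType=$($svc.StartType)"
if ($svc.StartType -ne 'Automatic') { sc.exe config appidsvc start= auto | Out-Null }
if ($svc.Status -ne 'Running')      { Start-Service -Name AppIDSvc }

# 2. Effective policy (local policy merged with domain GPOs): enforcement mode and
#    rule count per collection. 'NotConfigured' or 'AuditOnly' on Exe blocks nothing;
#    a collection with zero rules is not evaluated at all.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
foreach ($rc in $policy.AppLockerPolicy.RuleCollection) {
    '{0,-8} EnforcementMode={1,-14} Rules={2}' -f $rc.Type, $rc.EnforcementMode, $rc.ChildNodes.Count
}

# 3. Scope of every rule. A Deny rule whose UserOrGroupSid does not cover the account
#    you test with never fires, however correct its conditions are.
foreach ($rc in $policy.AppLockerPolicy.RuleCollection) {
    foreach ($rule in $rc.ChildNodes) {
        '{0,-5} {1,-5} {2,-14} {3}' -f $rc.Type, $rule.Action, $rule.UserOrGroupSid, $rule.Name
    }
}

# 4. Dry run: what the effective policy decides for this file and this user.
#    'DeniedByDefault' means the collection has rules but none of them allows the file.
Test-AppLockerPolicy -PolicyObject (Get-AppLockerPolicy -Effective) -Path $TestExe -User $TestUser |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Recent decisions from the log: 8002 = allowed, 8003 = would have been blocked
#    (audit only), 8004 = blocked (enforced). No 8004 after a "blocked" test means the
#    rule never matched; a 8003 means the collection is still in AuditOnly.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8002, 8003, 8004 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

    Read the output bottom-up: if step 5 shows no events at all, step 1 or step 2 is the problem (service stopped, or no enforced collection); if it shows 8002 for the file, step 3 or step 4 tells you which Allow rule matched and for whom.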
  2. Anonymous
    2024-10-23T04:30:04+00:00

    Hi Daisy, can you advise on point 2 below? How do I check it? From my side, it looks like there is no "Enforcement tab".

    1. Enforcement:

    Make sure that AppLocker is set to enforce rules and not just audit them. You can check this in the AppLocker properties under the enforcement tab.

  3. Anonymous
    2024-10-23T08:41:25+00:00

    Hello

    Greetings!

    Please check it here.

    Configure an AppLocker policy for enforce rules | Microsoft Learn

    Best Regards,
    Daisy Zhou

  4. Anonymous
    2024-10-24T08:25:36+00:00

    Hi Daisy,

    From my side, "Windows Installer Rules" is empty. Have I missed any step? Is it possible to share with me the detailed steps for how to set up AppLocker to block lower-version apps from running? Thanks.


  5. Anonymous
    2024-10-24T09:23:09+00:00

    Hello

    it is empty for "Windows Installer Rules", if any step missed from my side.

    A: If you have not configured Executable Rules, Windows Installer Rules, Script Rules, or Packaged app Rules, all of them are empty.

    If you want to configure them, right-click any one of Executable Rules, Windows Installer Rules, Script Rules, or Packaged app Rules, then create a rule (see below).

    Setting up AppLocker to block lower-version apps involves creating rules that specify which applications can or cannot run on your system. Here's a step-by-step guide on how to set up AppLocker in Windows:

    Step 1: Enable the Application Identity Service

    1. Press Win + R, type services.msc, and press Enter.
    2. In the Services window, locate the "Application Identity" service.
    3. Right-click on it, select Properties, and set the Startup type to Automatic.
    4. Click Start to start the service, then click OK.

    Step 2: Open Local Security Policy (on one test machine, to test it via local group policy first)

    1. Press Win + R, type secpol.msc, and press Enter.

    Step 3: Configure AppLocker Rules

    1. In the Local Security Policy window, expand Application Control Policies.
    2. Click on AppLocker.
    3. You will see different rule categories: Executable Rules, Windows Installer Rules, Script Rules, and Packaged app Rules.

    Step 4: Create a New Rule

    1. Right-click on Executable Rules and select Create New Rule. This will start the Create Executable Rules wizard.
    2. On the Before You Begin page, click Next.
    3. On the Permissions page, select Deny and then specify the user or group that the rule will apply to. Click Next.
    4. On the Conditions page, select a condition type (Publisher, Path, or File Hash).

    Publisher: If you want to block applications based on their publisher information, such as specific versions.

    Path: To block apps located in a specific directory.

    File Hash: To block specific files by their hash values.

    For Publisher Condition

    1. If you select Publisher, click Next.
    2. In the Publisher window, click Browse to find an example executable file that you want to block.
    3. Once the file is imported, you will see hierarchy levels such as Publisher, Product Name, File Name, and File Version.
    4. Move the slider to the File Version level.
    5. Click on Use a custom value next to the File version, then set the version you want to block (e.g., Version <= 1.0.0.0).

    Click Next.

    Step 5: Name and Finish the Rule

    1. Provide a name and description for the rule.
    2. Click Create to finish.

    Step 6: Apply the AppLocker Policy

    1. Go back to the Local Security Policy window.
    2. Under AppLocker, right-click on AppLocker and select Properties.
    3. On the Enforcement tab, ensure that the rules you've created are enforced on the appropriate user groups.

    Step 7: Test the Policy

    1. Make sure to test the policy in a non-production environment first to ensure it works as expected.
    2. Attempt to run an application that should be blocked according to your rule.

    Optional: Use Group Policy for Domain Environments

    If you are in a domain environment and want to apply the AppLocker policy across multiple machines:

    1. Open Group Policy Management Console (gpmc.msc).
    2. Create a new Group Policy Object or modify an existing one.
    3. Navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Application Control Policies -> AppLocker.
    4. Configure the rules as described above.

    AppLocker | Microsoft Learn

    Best Regards,

    Daisy Zhou

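    Steps 4 to 7 above, done as a script instead of through the wizard. This is an added example, not code from the thread or from Microsoft. It reads the publisher chain from one installed copy of the app (what the wizard's Browse button does), writes a policy with a Deny rule for every version of that product up to and including a chosen version, keeps the three Allow rules that "Create Default Rules" would make, tests the policy without applying it, and merges it into the local policy only when asked. The sample path, the cutoff version, the output file and the rule names are placeholders, not values from the thread.

```powershell
# Added example (not from the original thread): build, test and apply an AppLocker
# Exe policy that denies Everyone a signed product at or below a given file version.
# Assumptions (placeholders, not from the thread): $SampleExe, $BlockUpTo, $OutFile.
param(
    [string]$SampleExe = 'C:\Program Files\Zoom\bin\Zoom.exe',  # any installed copy of the app
    [string]$BlockUpTo = '5.17.0.0',                              # highest version to deny (inclusive)
    [string]$OutFile   = "$env:TEMP\DenyOldVersions.xml",
    [switch]$Apply                                                # merge into local policy when set
)

# 1. Publisher, product, file name and version, exactly as the wizard shows them.
#    An unsigned binary has no publisher and can only be matched by hash or path.
$info = Get-AppLockerFileInformation -Path $SampleExe
if (-not $info.Publisher) { throw "$SampleExe is unsigned; a publisher rule cannot match it. Use a hash rule." }
$pub = $info.Publisher
'Publisher={0}  Product={1}  Binary={2}  Version={3}' -f $pub.PublisherName, $pub.ProductName, $pub.BinaryName, $pub.BinaryVersion

# Publisher strings contain commas and may contain & or quotes; escape them for XML attributes.
$publisher = [System.Security.SecurityElement]::Escape($pub.PublisherName)
$product   = [System.Security.SecurityElement]::Escape($pub.ProductName)

# 2. Policy XML. The Deny rule is the wizard's "File version ... And below" taken at
#    product level (BinaryName="*", LowSection="*"), so every executable of the product
#    at or below $BlockUpTo is denied. The three Allow rules are the default rules: an
#    enforced Exe collection that contains only a Deny rule blocks everything else too.
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="$(New-Guid)" Name="(Default Rule) All files located in the Program Files folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$(New-Guid)" Name="(Default Rule) All files located in the Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$(New-Guid)" Name="(Default Rule) All files" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePublisherRule Id="$(New-Guid)" Name="Deny $product version $BlockUpTo and below" Description="Old versions must not run" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="$publisher" ProductName="$product" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="$BlockUpTo" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $OutFile -Value $xml -Encoding UTF8

# 3. Dry run against the sample copy before touching the machine. Expect Denied when its
#    version is <= $BlockUpTo, Allowed (by the Program Files rule) when it is newer.
#    Deny always wins over Allow in AppLocker, so the default rules do not mask it.
Test-AppLockerPolicy -XmlPolicy $OutFile -Path $SampleExe -User S-1-1-0 |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 4. Apply locally (Step 6 in the wizard). -Merge keeps rules that already exist; for a
#    domain, import the same XML into the GPO instead. Then gpupdate /force on the client
#    and look for event 8004 in 'Microsoft-Windows-AppLocker/EXE and DLL'.
if ($Apply) { Set-AppLockerPolicy -XmlPolicy $OutFile -Merge }
```

    Two things to check before relying on the rule: the version compared is the file version resource of the executable that is launched, so pick $BlockUpTo from the actual old binary rather than from the installer's marketing version; and a later release signed under a different publisher name or product name will not match this rule at all, which is a reason to re-run step 1 against each version you intend to block.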