Share via

How to block lower version app to run via AppLocker?

Anonymous
2024-10-21T01:40:51+00:00

HI,

we wanted to block user to run some lower version app, i found that we can reach the goal via AppLocker, but in my testing, i tested Zoom, Outlook, looks AppLocker not work, may i know if limitation for AppLocker setup?

***Moved from Windows11/performance and system***

Windows for business Windows Client for IT Pros Directory services Active Directory

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments

17 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2024-11-04T02:12:49+00:00

    HI Daisy,

    Why do not you select MSI package directly?

    from the path, i can't find any MSI package after the installation after the installation finished. or you mean i should select the original MSI package which i used for the installation?

    Hello

    Good day!

    my query is that i installed zoom application from MSI package, after the installation finished the application is exe, so means we should check the suffix from final application is MSI or not?

    A: Why do not you select MSI package directly?

    further, if i set the policy from “Local Security Policy editor”, i can select exe suffix, may i know if “Local Security Policy editor” way can work?

    A: You can use local group policy, but you need to set it on every machine one by one.

    Best Regards,
    Daisy Zhou

    0 comments
  2. Anonymous
    2024-11-22T08:49:42+00:00

    Hello

    Greetings!

    You can try to set the group policy setting and check if it helps.

    1.Create one GPO and link it to domain.
    2.Navigate to the following path: User Configuration\Administrative Templates\System\Don’t run specified Windows applications.

    Prevents Windows from running the programs you specify in this policy setting.

    If you enable this policy setting, users cannot run programs that you add to the list of disallowed applications.

    If you disable this policy setting or do not configure it, users can run any programs.

    This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the command window even though they would be prevented from doing so using File Explorer.

    Note: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.

    Note: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe).

    after you set the GPO settings, sign out and sign in one domain user account and check if it helps.

    Best Regards,
    Daisy Zhou

    0 comments