AppLocker Default rules causing Chrome to take 20 seconds to start up

Ken Zygmunt 76 Reputation points
2022-06-13T11:37:44.1+00:00

Hi

I have a Server 2019 Server with an AppLocker GPO containing default rules. i..e BUILTIN\Administrators are allowed to run all EXEs, DDLs, scripts, AppX etc.
If I link in this GPO to the OU containing my Server 2019 RDS Farm, log onto one of those servers as a domain admin and run "gpupdate /force" then start either Chrome or Edge, Chrome takes over 20 seconds before it's ready to use and Edge takes close to 10 seconds.

It I un-link the GPO, and do another "gpupdate /force", both chrome and Edge take approx 1 second to start.

Even if I set the Enforcement properties from "enforce rules" to "audit only", it start causes Chrome and Edge to take 20 an 10 seconds to start respectively.

All browser startup tests are performed using a domain admin account.

Why would the mere presence of the AppLocker GPO being linkd (wih with audit only" set cause such a huge delay to the start up of both browsers?

BTW, the teting was done on both an RDP session and the console of the server in case RDP was causing it, but this did not affect the timings in any way.

Regards

Ken Z

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,882 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,688 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.