AppLocker

  • Article

2/13/2013

This test verifies that AppLocker enterprise capabilities are functioning correctly on your Windows Embedded 8 Standard (Standard 8) device that has been upgraded with a volume license key. AppLocker enables you to set policies that control how users can access and use files, such as executable files, scripts, Windows Installer files, and DLLs.

Usage

At a command prompt with administrator rights, type the following to verify AppLocker enterprise capability:

TestKit.exe /test applocker

Prerequisites

Your device must meet the following requirements in order for this test to succeed:

  • A volume license key has been applied to the device.

What the Test Does

The test performs the following steps:

  1. Start the AppLocker service.
  2. Get the current AppLocker policy settings and save them to .\FeatureTests\SupportFiles\policies.xml.
  3. Update AppLocker policy settings to allow the createCmd1 script to run and to block the createCmd2 script.
  4. Wait for AppLocker to retrieve the updated policy settings.
  5. Attempt to run the createCmd1 script, which should be allowed by AppLocker.
  6. If the createCmd1 script does not run successfully, perform the following steps:
    1. Reset the AppLocker policy settings to their original values.
    2. Report an error “AppLocker is not functioning correctly. AppLocker blocked a script that is configured to run.”
    3. Exit the test.
  7. Attempt to run the createCmd2 script, which should be blocked by AppLocker.
  8. If the createCmd2 script runs successfully, perform the following steps:
    1. Reset the AppLocker policy settings to their original values.
    2. Report an error “AppLocker is not functioning correctly. AppLocker didn't block a script that is configured to be blocked.”
    3. Exit the test.
  9. Reset the AppLocker policy settings to their original values.

Troubleshooting

If the AppLocker test does not succeed, some of the most common causes are:

  • The device has not had a volume license key applied.
  • The disk is full or write-protected, preventing the test scripts from writing a small file to verify functionality.

If the test is interrupted while running, you can run the test again and let the test complete to clean up any changes made by the test, or you can follow these steps:

To reset your AppLocker policy to its original value

  1. Open a PowerShell command prompt with administrator rights.

  2. Change your directory to the location of Test Kit for Windows Embedded 8 Standard Enterprise Capabilities.

    The default location is %PROGRAMFILES%\Test Kit for Windows Embedded 8 Standard Enterprise Capabilities

  3. Type the following command to restore your original AppLocker policy:

    Set-AppLockerPolicy –xmlpolicy .\FeatureTests\SupportFiles\policies.xml

See Also

Reference

Test Kit for Windows Embedded 8 Standard Enterprise Capabilities