AppLocker
2/13/2013
This test verifies that AppLocker enterprise capabilities are functioning correctly on your Windows Embedded 8 Standard (Standard 8) device that has been upgraded with a volume license key. AppLocker enables you to set policies that control how users can access and use files, such as executable files, scripts, Windows Installer files, and DLLs.
Usage
At a command prompt with administrator rights, type the following to verify AppLocker enterprise capability:
TestKit.exe /test applocker
Prerequisites
Your device must meet the following requirements in order for this test to succeed:
- A volume license key has been applied to the device.
What the Test Does
The test performs the following steps:
- Start the AppLocker service.
- Get the current AppLocker policy settings and save them to .\FeatureTests\SupportFiles\policies.xml.
- Update AppLocker policy settings to allow the
createCmd1
script to run and to block thecreateCmd2
script. - Wait for AppLocker to retrieve the updated policy settings.
- Attempt to run the
createCmd1
script, which should be allowed by AppLocker. - If the
createCmd1
script does not run successfully, perform the following steps:- Reset the AppLocker policy settings to their original values.
- Report an error “AppLocker is not functioning correctly. AppLocker blocked a script that is configured to run.”
- Exit the test.
- Attempt to run the
createCmd2
script, which should be blocked by AppLocker. - If the
createCmd2
script runs successfully, perform the following steps:- Reset the AppLocker policy settings to their original values.
- Report an error “AppLocker is not functioning correctly. AppLocker didn't block a script that is configured to be blocked.”
- Exit the test.
- Reset the AppLocker policy settings to their original values.
Troubleshooting
If the AppLocker test does not succeed, some of the most common causes are:
- The device has not had a volume license key applied.
- The disk is full or write-protected, preventing the test scripts from writing a small file to verify functionality.
If the test is interrupted while running, you can run the test again and let the test complete to clean up any changes made by the test, or you can follow these steps:
To reset your AppLocker policy to its original value
Open a PowerShell command prompt with administrator rights.
Change your directory to the location of Test Kit for Windows Embedded 8 Standard Enterprise Capabilities.
The default location is %PROGRAMFILES%\Test Kit for Windows Embedded 8 Standard Enterprise Capabilities
Type the following command to restore your original AppLocker policy:
Set-AppLockerPolicy –xmlpolicy .\FeatureTests\SupportFiles\policies.xml
See Also
Reference
Test Kit for Windows Embedded 8 Standard Enterprise Capabilities