Configure the Application Identity Service

Applies To: Windows 7, Windows Server 2008 R2

This topic shows how to configure the Application Identity service to start automatically or manually in Windows Server 2008 R2 and Windows 7.

The Application Identity service determines and verifies the identity of an application. Stopping this service will prevent AppLocker policies from being enforced.


Because AppLocker uses this service to verify the attributes of a file, you must configure it to start automatically in at least one Group Policy object (GPO) that applies AppLocker rules.

To complete this procedure, you must have Edit Setting permission to edit a GPO. By default, members of the Domain Admins group, the Enterprise Admins group, and the Group Policy Creator Owners group have this permission.

To start the Application Identity service automatically

  1. Click Start, click Administrative Tools, and then click Group Policy Management to open the Group Policy Management Console (GPMC).

  2. Locate the GPO to edit, right-click the GPO, and click Edit.

  3. In the console tree under Computer Configuration\Windows Settings\Security Settings, click System Services.

  4. In the details pane, double-click Application Identity.

  5. In Application Identity Properties, configure the service to start automatically.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To start the Application Identity service manually

  1. Right-click the taskbar, and click Start Task Manager.

  2. Click the Services tab, right-click AppIDSvc, and then click Start Service.

  3. Verify that the status for the Application Identity service is Running.