Any AppLocker gurus

Django x2 · 22 Jan 2014 at 13:50

Trying to block the launching of powershell using AppLocker GPO

I've created an AppLocker policy under the user container and then under Computer Config, Policies, Windows Settings, Security Settings, Application Control Policies, AppLocker, I have set the default rules for Executable Rules, then made an exception to system32\windowspowershell\v1.0\powershell.exe and powershell_ise.exe

Thing is, users still seem to be able to open Powershell, although nothing runs (script wise), it can still behave like CMD (browse directories, etc).

I don't even want it to run....Any ideas on it's behaviour or why it might not be working?

Thanks

Mikoyan · 23 Jan 2014 at 14:43

Can you try to create a new GPO and apply this at user level.

One you need is: 'Dont run specified Windows applications' which is in:

User Configuration\Administrative Templates\System\

You can try this policy and specify the executable you wish to block.

stealthgeek · 23 Jan 2014 at 14:45

Whats the reason for blocking it?

Pretty sure applocker policies only apply to Enterprise level client OS anyway.

Caged · 23 Jan 2014 at 15:37

Yeah, you are running 7 Enterprise aren't you?

AppLocker needs you to set the policies up and then also enable it, so make sure you've done that (and the service is running on the clients). Just applying AppLocker GPOs to clients won't do anything.

Django x2 · 23 Jan 2014 at 22:38

yep, running Ent 8.1. Managed to get it to work using the old (but still obviously working) software restricition policy