AppLocker questions?
Just got started with AppLocker and have already noticed some weird behavior, and I have some other questions also:
1. If I turn "executable rule enforcement" off by unchecking the Configured checkbox, the rules are still in enforcement. For example, I set up a rule so that IE couldn't be run. No matter what, the rule was enforced, no matter if executable rule enforcement was checked or unchecked, and I ran "gpupdate /force" after every change. The only way I could get programs to run that were blocked by AppLocker was to check Configured and choose "Audit Only" from the drop-down. Sounds like a bug, yes?
2. Apparently the rules you create for BUILTIN\Administrators don't recognize that you're logged in as an administrator, because of Windows 7 lowering your security principal when you log in. For example, if I allowed only IE to run for Administrators, then it would be blocked when I logged in as my main account, which is an administrative account. The only way I could get it to run is to right-click the icon and choose Run As Administrator. It would be a pain to set up another group just so administrators can run programs I only want them to be allowed to run, or they have to right-click every time and choose "Run As Administrator". Any solution for this?
3. When you create a rule, the default is Everyone, but after you create a rule you can no longer choose Everyone as the group. You must delete and recreate the rule. This also seems like a minor bug.
4. Is there a way to create a rule for the user's profile directory? I tried %USERPROFILE%\* but the Next button is disabled.
May 19th, 2011 8:52pm