Hello,
I'm trying to use AppLocker on Windows 2016 to audit/control what a service running as a service account can access. When I run a command like whoami.exe from a service, AppLocker does not show any audit trail in the log files. When I log in as that service account and run whoami.exe, the AppLocker logs fill with entries. I know this was a problem with 2012 R2, but I thought I heard it was fixed in 2016. Does anyone know if it was fixed in 2016? Maybe 2019? Is there a special switch I have to set to allow AppLocker to work with services?
Thanks for any help on this.
Dan