asa2007 asked:

AppLocker Rules with AD Group

Hello,

I have AppLocker deployed on-premise in a production environment and am very happy and comfortable with how it is working. The general allow rules for 'whitelisted' applications currently apply for 'everyone' but I would like to make some rules that allow certain files for certain computers or users. I create a new rule in the policy, set it to allow and then in the select user or group section I select an AD security group I have created and populated. This NEVER works whether the group is populated with users or with computers, the application I am allowing remains blocked. If, however, I target a single AD user it works.

Any ideas?

Thanks!

windows-10-security

yagmoth555 answered:

Hi

If you target a group you need to make sure the GPO delegation is set with Domain Computer -> Read policy set on it.

It's not there by default, as if it's not there the computer can't read the GPO to apply it.

Thanks

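As an added example, not code posted by anyone in this thread, the following PowerShell script checks the two things discussed so far: the GPO delegation point raised in the answer above (Domain Computers needing Read on the GPO), and the original question's symptom (an allow rule scoped to an AD group that does not match). It assumes the GroupPolicy and AppLocker modules are installed on a domain-joined machine, and the GPO name, group name, test user and file path are placeholders to replace with your own values.

```powershell
# Added example; not from the original thread. GPO name, group, user and path are placeholders.
Import-Module GroupPolicy
Import-Module AppLocker

$GpoName  = 'AppLocker - Production'                        # placeholder GPO name
$AppGroup = 'CONTOSO\AppLocker-FinanceApp'                  # placeholder AD security group used in the allow rule
$TestUser = 'CONTOSO\jdoe'                                  # placeholder member of that group
$TestPath = 'C:\Program Files\FinanceApp\FinanceApp.exe'    # placeholder file the rule should allow

function Get-SidValue([string]$Account) {
    # Resolve DOMAIN\name (or a well-known name such as "Domain Computers") to its SID string.
    (New-Object System.Security.Principal.NTAccount($Account)).
        Translate([System.Security.Principal.SecurityIdentifier]).Value
}

# 1. GPO delegation: the computer account must be able to read the GPO or the client
#    never downloads the AppLocker policy. Compare on SID so the display name format does not matter.
$domainComputersSid = Get-SidValue 'Domain Computers'
$readers = Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Trustee.Sid.Value -eq $domainComputersSid }
if (-not $readers) {
    Write-Warning "Domain Computers has no permission on '$GpoName'; granting Read."
    Set-GPPermission -Name $GpoName -TargetName 'Domain Computers' `
        -TargetType Group -PermissionLevel GpoRead | Out-Null
} else {
    "Domain Computers on '$GpoName': $($readers.Permission -join ', ')"
}

# 2. Effective policy on this machine: list every rule whose subject is the AD group,
#    so you can see that the rule actually arrived and which collection (Exe, Msi, ...) it is in.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$groupSid = Get-SidValue $AppGroup
$policy.AppLockerPolicy.RuleCollection | ForEach-Object { $_.ChildNodes } |
    Where-Object { $_.UserOrGroupSid -eq $groupSid } |
    Select-Object Name, Action, @{ n = 'Collection'; e = { $_.ParentNode.Type } }

# 3. Evaluate the effective policy for the test user against the file the way the AppLocker
#    service would. This is rule matching only; nothing is executed.
Test-AppLockerPolicy -XmlPolicy $policy.OuterXml -Path $TestPath -User $TestUser |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 4. Group membership is read from the logon token: a user added to the group needs a fresh
#    logon and a computer added to a group needs a reboot before a group-scoped rule can match.
#    Run this part in a session of the test user to confirm the group SID is in the token.
$tokenGroups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
    ForEach-Object { $_.Value }
"Group SID $groupSid present in current token: $($tokenGroups -contains $groupSid)"
```

Step 2 is the quickest way to distinguish "the policy never reached the client" (no rule listed) from "the rule is there but does not match" (rule listed, but step 3 reports Denied or DeniedByDefaultRule); the Test-AppLockerPolicy result names the matching rule, and step 4 shows whether the token the rule is evaluated against contains the group at all.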

asa2007 answered:

Thanks @yagmoth555 for the response.

Unfortunately that did not help - besides, the issue also occurs if the group is populated with users. It only works if there's a user added to the AppLocker allow rule and not a group.


LimitlessTechnology-2700 answered:

Hello Asa,

When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent application control policy maintenance.

Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Defender App Guard feature availability.

Firstly, check the Windows Defender Application Control and AppLocker feature availability using the link below:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/feature-availability

When determining what types of rules to create for each of your groups, you should also determine what enforcement setting to use for each group. Different rule types are more applicable for some apps, depending on the way that the applications are deployed in a specific business group.

To select the types of rules to create, follow the link below:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/select-types-of-rules-to-create

Hope this answers all your queries; if not, please do post back.
If an answer is helpful, please click "Accept Answer" and upvote it : )


asa2007 commented:

Thanks for your response.

We have the rules all set up and for 99+% of it, it works - it is only if I have a rule that uses an AD group rather than a user that it does not work. The field even asks 'user or group', but it absolutely will not work with a group, only a single user.