I'm trying to comply with regulations by blocking browsing with Microsoft Edge and email access via Outlook for local admin accounts. I've been experimenting with AppLocker in Audit Mode and it seems like the rules for blocking Outlook are working, but when I switch to Enforced mode, I get an immediate notification that Edge is blocked as soon as I log in. Also, the search bar and Windows key stop functioning. The counter for Edge increases rapidly, suggesting that it may be tied to other system functions that break when I block it. Is there a better way to handle this with AppLocker, or should I consider other alternatives?
4 Answers
It sounds like you're trying to manage compliance, but keep in mind that if you're not blocking at the network level, local admins might find ways around your restrictions. You might want to explore using a Network Access Control (NAC) tool like FortiNAC. Edge is pretty integrated with Windows, so blocking it completely might be complicated. A better approach could involve policies that deny certain URLs using Group Policy Objects (GPO) to limit access.
What does your enforcement policy look like? If you have a default deny policy without allowing exceptions, it might be blocking everything, not just what you intend. Also, consider using path and publisher rules instead of hash rules, since updates can change hash numbers and break your setups.
Yes, relying on hashes is risky in AppLocker. Switch to path-based rules to ensure stability.
Remember, Edge runs in the background by default unless you manage it properly. If it’s too integrated, you might want to think about setting hard proxy settings that don’t lead anywhere. That can be a more effective way to manage access without a total block.
Blocking it at the network level is indeed crucial, especially with local admins who can bypass many of your measures.
Have you thought about just uninstalling Edge? While there are dependencies on it, some might find a way to do so without much hassle.
True, but some applications rely on it, especially WebView2. Uninstalling could lead to other issues.
Exactly, using GPO to implement a URL blocklist can be effective. Setting it to block all URLs essentially disables its functionality.