Hey everyone! I'm currently running AppLocker in blacklist mode, which allows everything except specific entries, as a temporary measure to block certain app installations. Now, I want to switch to whitelist mode, which denies everything except a few allowed entries based on default rules. This change seems straightforward for regular users since they typically use programs from the Program Files, but the IT team has apps installed in various directories like 'C:\Oracle_12' or 'C:\Oracle_21'. I'm curious about how much work others have put into configuring AppLocker and if you faced any challenges with other teams during the process. Any tips would be really helpful!
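As an added example (not part of the question above), here is the PowerShell workflow for the situation described: inventory the IT team's non-standard install roots, generate publisher rules (falling back to hash rules for unsigned binaries), put the whole policy in audit mode, dry-run it, and merge it with the default rules already created in the GUI. The directory names are the ones from the question; the group name, output path and file types are assumptions.

```powershell
# Added example, not code from the original post. Assumes AppLocker's
# Application Identity service is running and the default rules already
# exist in the local policy (created via secpol.msc > "Create Default Rules").
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$ItDirs  = 'C:\Oracle_12', 'C:\Oracle_21'   # non-standard install roots from the question
$ItGroup = 'CONTOSO\IT-Admins'              # assumed group; use 'Everyone' if the apps are for all users
$OutXml  = "$env:ProgramData\AppLocker\it-apps-audit.xml"   # assumed output location

# 1. Inventory every executable, DLL, script and MSI under those roots.
#    Get-AppLockerFileInformation collects publisher and hash data in one pass.
$files = foreach ($d in $ItDirs) {
    if (Test-Path $d) {
        Get-AppLockerFileInformation -Directory $d -Recurse `
            -FileType Exe, Dll, Script, WindowsInstaller
    }
}

# 2. Prefer publisher rules (they survive vendor patches); fall back to hash
#    rules for unsigned files. -Optimize collapses many files from the same
#    signer/product into a single rule. -Xml returns the policy as an XML string.
[xml]$policy = New-AppLockerPolicy -FileInformation $files `
    -RuleType Publisher, Hash -User $ItGroup -Optimize -Xml

# 3. Force every rule collection into audit mode so nothing is blocked yet.
#    Flip this to 'Enabled' only after the audit log has been quiet for a while.
foreach ($rc in $policy.AppLockerPolicy.RuleCollection) {
    $rc.EnforcementMode = 'AuditOnly'
}
New-Item -ItemType Directory -Force -Path (Split-Path $OutXml) | Out-Null
$policy.Save($OutXml)

# 4. Dry-run: which files under those roots would the new rules still not cover?
#    Anything listed here needs a rule before you enforce.
$paths = Get-ChildItem -Path $ItDirs -Recurse -File `
    -Include *.exe, *.dll, *.msi, *.ps1, *.bat, *.cmd, *.vbs, *.js |
    Select-Object -ExpandProperty FullName
Test-AppLockerPolicy -XmlPolicy $OutXml -Path $paths -User $ItGroup `
    -Filter Denied, DeniedByDefault |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Merge into the local policy. -Merge keeps the existing default rules
#    instead of replacing them; for a GPO, pass -Ldap "LDAP://..." instead.
Set-AppLockerPolicy -XmlPolicy $OutXml -Merge
```

Two caveats from this workflow: hash rules break on the next Oracle patch, so anything that ends up as a hash rule is a maintenance item, and a plain path rule on `C:\Oracle_12\*` is only safe if non-admins cannot write into that tree (check the ACL before considering it).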
5 Answers
Keep in mind that Microsoft is moving away from AppLocker. We've had better luck with WDAC, which can be simpler to set up, but you'll have to invest time getting it just right. It offers similar functionalities and is manageable via Intune.
Honestly, it took a ton of work and keeping it updated has been a real headache.
The bigger question is why users have admin rights to install anything. Even without them, users find ways to install programs in their AppData.
It really depends on your security needs. In some places, I only require Authenticode signatures, while in others, I’ve set up a special directory for unsigned apps but block all except approved software. It varies by company.
Using AaronLocker scripts can really simplify managing AppLocker. As a solo admin for about 200 endpoints, it took me roughly a month running everything in audit mode to get it right before gradually enforcing rules.
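Added example (not from the answer above) of what to actually look at during that audit-mode month: the EXE and DLL log records event ID 8003 for every file that would have been blocked had enforcement been on. The script below summarises those events by directory and signer and suggests a rule type for each group. The two sample events are constructed for the demo and trimmed to the fields the parser reads; on a real host the `Get-WinEvent` call supplies the data.

```powershell
# Added example, not the answer's own code. Event IDs: EXE/DLL collection uses
# 8002 allowed / 8003 audited / 8004 blocked; MSI and Script use 8005/8006/8007.

function Get-AppLockerAuditXml {
    # Pull the "would have been blocked" events as XML strings.
    $filter = @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { $_.ToXml() }
}

function ConvertFrom-AppLockerAuditXml {
    param([Parameter(ValueFromPipeline)][string]$EventXml)
    process {
        $d = ([xml]$EventXml).Event.UserData.RuleAndFileData
        # Fqbn is "Publisher DN\Product\Binary\Version"; unsigned files log "-".
        $signed = -not [string]::IsNullOrWhiteSpace($d.Fqbn) -and $d.Fqbn -ne '-'
        [pscustomobject]@{
            User      = $d.TargetUser
            Directory = Split-Path $d.FilePath -Parent
            File      = Split-Path $d.FilePath -Leaf
            Signed    = $signed
            Publisher = if ($signed) { ($d.Fqbn -split '\\')[0] } else { '(unsigned)' }
        }
    }
}

function Get-AppLockerAuditSummary {
    param([string[]]$EventXml = (Get-AppLockerAuditXml))
    $EventXml | ConvertFrom-AppLockerAuditXml |
        Group-Object Directory, Publisher |
        ForEach-Object {
            [pscustomobject]@{
                Directory     = $_.Group[0].Directory
                Publisher     = $_.Group[0].Publisher
                Hits          = $_.Count
                Users         = ($_.Group.User | Sort-Object -Unique) -join ','
                # Signed: one publisher rule covers the product line.
                # Unsigned: hash rules per file, or a path rule only if the
                # directory is not user-writable.
                SuggestedRule = if ($_.Group[0].Signed) { 'Publisher' } else { 'Hash' }
            }
        } | Sort-Object Hits -Descending
}

# Constructed sample events (abbreviated; real events carry more fields).
$sample = @(
@'
<Event><UserData><RuleAndFileData>
  <PolicyName>EXE</PolicyName><TargetUser>S-1-5-21-1-2-3-1001</TargetUser>
  <FilePath>%OSDRIVE%\ORACLE_12\BIN\SQLPLUS.EXE</FilePath>
  <Fqbn>O=ORACLE CORPORATION, L=REDWOOD SHORES, S=CALIFORNIA, C=US\ORACLE\SQLPLUS.EXE\12.1.0.2</Fqbn>
</RuleAndFileData></UserData></Event>
'@,
@'
<Event><UserData><RuleAndFileData>
  <PolicyName>EXE</PolicyName><TargetUser>S-1-5-21-1-2-3-1002</TargetUser>
  <FilePath>%OSDRIVE%\USERS\JDOE\APPDATA\LOCAL\TEMP\SETUP.EXE</FilePath>
  <Fqbn>-</Fqbn>
</RuleAndFileData></UserData></Event>
'@
)

Get-AppLockerAuditSummary -EventXml $sample | Format-Table -AutoSize

# On a real host, run it against the live log and keep the CSV for the review
# meeting with the other teams:
#   Get-AppLockerAuditSummary | Export-Csv .\applocker-audit-gaps.csv -NoTypeInformation
```

The unsigned entry under a user's `AppData\Local\Temp` is the case the earlier answer warns about: it should stay uncovered rather than getting a rule, so the summary is as much a list of things to refuse as things to allow.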