AppLocker Update 1

By SuperG - Last updated: Sunday, June 24, 2012 - Save & Share - Leave a Comment

So I tried “Authenticated users” and I had the same issue as Domain Users. And really it would not have solved my problem anyway even if it did work.

To test this I made a test machine and created a local AppLocker rule.


TEST 1

I am using Word this time, the rule is set for a group called “Office Users” (Did not want to use Domain Users again because I think people were getting confused by its use)

Again when trying to open a File with ADS I get an error, slightly different with word. But the AppLocker event error is the same.


If I remove the ADS or set the ZoneID to 0 it opens fine and if I set the rule to “everyone” it works fine.

TEST 2

Repeated the test with Excel and I have the same issues as in the original post.

Looking at the AppLocker events, I see that when running the file with ADS it generates 2 events. The first one is successful and the second one fails. I believe that the second one is when the application is trying to switch to protected view, and this is what is causing the application to fail.

So at this point I would say this is a repeatable Bug; and I think it has to do with the switch to protected view.

At this point I cannot use AppLocker to limit the use of Office 2010 to a Group.

Posted in Events, Security • Tags: , Top Of Page

Write a comment

You need to login to post comments!