AppLocker - Solutions to Common Problems

This article is part of my small series about AppLocker, a technology built into Windows that enables administrators to audit and optionally block application execution.
AppLocker and UAC

One of the default rules allows unrestricted application execution for administrators. That is only sensible. After all, someone needs to be able to troubleshoot and perform maintenance. However, if UAC is enabled, that rule is not very useful. Remember: UAC filters the SID for the group Administrators from the access token during normal operation. With the Administrators’ SID gone, AppLocker is active for administrators in the same way it is for all other users. Administrators wishing to bypass AppLocker need to start executables from an elevated command prompt (or right-click and select run as administrator), which is often impractical.
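To see this effect on a given machine, the following added example (not code from the original article) checks whether the Administrators SID is active in the current token and lists the effective AppLocker rules assigned to that group. It assumes the AppLocker PowerShell module (`Get-AppLockerPolicy`) is available; the variable names are illustrative.

```powershell
# Added example: do the AppLocker rules for Administrators apply to this process?
$adminSidValue = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$adminSid = New-Object Security.Principal.SecurityIdentifier $adminSidValue

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity

# IsInRole returns $true only when the Administrators SID is enabled in the
# token. Under UAC that is the case for elevated processes only.
$adminSidActive = $principal.IsInRole($adminSid)

# Collect every effective rule whose user/group is Administrators.
$policy = Get-AppLockerPolicy -Effective
$adminRules = foreach ($collection in $policy.RuleCollections) {
    foreach ($rule in $collection) {
        if ($rule.UserOrGroupSid.Value -eq $adminSidValue) {
            [pscustomobject]@{
                Rule       = $rule.Name
                Action     = $rule.Action
                AppliesNow = $adminSidActive
            }
        }
    }
}

"User:                     {0}" -f $identity.Name
"Administrators SID active: {0}" -f $adminSidActive

if ($adminRules) {
    $adminRules | Format-Table -AutoSize
} else {
    'No effective AppLocker rule is assigned to BUILTIN\Administrators.'
}

if (-not $adminSidActive) {
    'This process is not elevated: the rules above do not match this token,'
    'so AppLocker treats this session like that of any other user.'
}
```

Run it once from a normal prompt and once from an elevated prompt under the same administrator account to compare the `AppliesNow` column.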

