

This blog will be about how a “NotConfigured” AppLocker policy can come back to haunt you. I will divide this blog into multiple parts

I have updated this blog after responding to a question on Reddit.

Implementing AppLocker is always a wise thing to do even when there is a possibility it “breaks” your Windows 10 installation. In one of my last blogs, I pointed out that implementing Microsoft 365 will help you with your ISO 27001 certification journey. When you have implemented AppLocker correctly you’re able to cross off some of the categories:

A.9.4.4 Use of Privileged Utility Programs
A.12.5.1 Installation of Software on Operational Systems
A.12.6.2 Restrictions on Software Installation

Implementing AppLocker could take you some time. If you want to know more about how to implement AppLocker a la minute:

Once you have automated the process you can be 99% sure it will not fail you. That 1% will apply when you are changing the existing XML CSP manually.

Last week I was called by a co-worker about a weird problem. When enrolling existing devices into Intune manually (devices were already Azure AD joined) all Windows 10 devices instantly got a black screen with a white cursor. When trying to open the task manager, nothing happened.

So how do you start troubleshooting, when nothing works? Luckily the devices succeeded to enrol in Intune, so some required apps were automatically installed. One of them was the SolarWinds RMM agent, together with the included Remote Background tool.

Access to the RMM tool gave me access to Remote PowerShell! So, I had some background information about processes, running services, and some other insights. After some digging with of course limited time and looking into some event logs with PowerShell I wanted to take a look at the AppLocker event log:

    Get-WinEvent -LogName "Microsoft-Windows-AppLocker/EXE and DLL"

That just says it all… All errors 8004: DLLs are blocked!

3.

So, I opened Intune to take a look at the DLL AppLocker policy.

At first glance, it looked to me as if the DLL policy wasn’t configured. But that’s not exactly the case as it was blocking all DLLs at that moment. The weird thing is that all existing Windows 10 Azure AD joined devices were working correctly.

After taking a look at the CSP again I realized, the CSP only told me that the “enforcementmode” was configured. After talking with the customer, they told me they had removed all rules earlier and put the enforcementmode to “notconfigured” because they were experiencing performance impact and thought it had something to do with DLL AppLocker rules being configured. After they realized it hadn’t anything to do with AppLocker they forgot to change the AppLocker CSP to the old XML…

So I made a few changes to the XML and added the default rules back into it.

After some time, some coffee and manually syncing the device… It finally worked! All DLLs were allowed again!

4. Why doesn’t it work?

But I still wanted to test some more, because I found it a little odd that existing devices had no problems at all. I installed a new Windows 10 device to be enrolled into a test tenant. No problem at all, the problem occurs only on existing devices that are manually enrolled in Intune. Strange but okay, I can live with that when I know how to fix it.
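One way to catch the state this post describes before an AppLocker XML is pushed through the CSP, as an added example that is not the author's code: the check lists every rule collection in the XML and flags any that sets an EnforcementMode but carries no Allow rule. The function name, the sample XML and the placeholder rule Ids are constructed for illustration.

```powershell
# Added example (not from the original post). Sample XML below is constructed.
function Test-AppLockerRuleCollection {
    param([Parameter(Mandatory)][string]$PolicyXml)
    $doc = [xml]$PolicyXml
    # '//RuleCollection' matches a full <AppLockerPolicy> export and a bare
    # <RuleCollection> element pasted into a CSP policy node.
    foreach ($rc in $doc.SelectNodes('//RuleCollection')) {
        $rules = @($rc.SelectNodes('FilePathRule | FilePublisherRule | FileHashRule'))
        $allow = @($rules | Where-Object { $_.GetAttribute('Action') -eq 'Allow' })
        [pscustomobject]@{
            Type            = $rc.GetAttribute('Type')
            EnforcementMode = $rc.GetAttribute('EnforcementMode')
            Rules           = $rules.Count
            AllowRules      = $allow.Count
            # A collection with a mode set and no Allow rule is the state from the post.
            NeedsReview     = ($allow.Count -eq 0)
        }
    }
}

# Constructed: the DLL collection as the post describes it (mode set, rules removed).
$emptied = '<RuleCollection Type="Dll" EnforcementMode="NotConfigured" />'

# Constructed: the same collection with path rules added back; Ids are placeholders.
$restored = @'
<RuleCollection Type="Dll" EnforcementMode="NotConfigured">
  <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Windows folder"
                Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
  </FilePathRule>
  <FilePathRule Id="00000000-0000-0000-0000-000000000002" Name="Program Files"
                Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
  </FilePathRule>
</RuleCollection>
'@

Test-AppLockerRuleCollection -PolicyXml $emptied  | Format-Table
Test-AppLockerRuleCollection -PolicyXml $restored | Format-Table
```

The first call reports the Dll collection with zero rules and NeedsReview set to True; the second reports two Allow rules and NeedsReview set to False.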
