Pirate,
from time to time I consult customers on the configuration of Windows 10 AppLocker. I really love AppLocker because it's super simple, reliable and enterprise-ready in terms of administrative overhead. Furthermore, it's the recommended tool for the configuration of unwanted / not needed apps within Windows 10. But sometimes AppLocker kind of 'breaks' my Windows 10 start menu and stops apps from starting up, although AppLocker enforcement is disabled.
This scenario happened to me very often because I handled AppLocker the wrong way after my workshops. When I was done with the demo I just deleted the policies and disabled the service in one step, which is the actual reason AppLocker kind of breaks afterwards. The explanation can be found in the below TechNet article
But what can we do? There are several ways that can resolve this issue.
On a computer running Windows 10 Enterprise, start Group Policy Editor (GPEdit). Under Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker, right-click and select Properties, then enable Packaged app Rules and select Enforce rules. This turns on our AppLocker rules. Once done, click OK.
You can use AppLocker as part of your overall security strategy for the following scenarios: help prevent malicious software (malware) and unsupported applications from affecting computers in your environment. Monitor and block suspicious process behaviors to prevent infections by malware.
The AppLocker CSP should be available on Windows 10 Pro also. Only managing AppLocker with GPO is not supported on Windows 10 Pro. For more information, see also: Regards, Peter.
Option 1: Create Default Rules
When you enforce AppLocker but don't want anything to be restricted yet, you will probably start with this step anyway. So click on each of the categories 'Executable Rules', 'Windows Installer Rules', 'Script Rules' and 'Packaged app Rules' and choose 'Create Default Rules'.
COMPUTER > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker > Packaged app Rules
Right-click and choose Create Default Rules.
That allows Everyone to run All signed packaged apps.
After that configure AppLocker policies to be enforced and restart the computer.
After the reboot, open services.msc, search for the 'Application Identity' service and make sure it is in the 'Running' state.
There is a chance that this has fixed your client.
Option 2: DISM – Restore Health
It has never fixed the problem for me, but some of my colleagues told me that another way is to use DISM with the parameters /Cleanup-Image and /RestoreHealth. So open an elevated PowerShell console and type in:
This will scan the image to check for corruption (further information can be found here). Depending on the size and performance of the machine this can take very long. Afterwards you need to reboot.
Option 3: Clean up AppLocker Directory and delete AppLocker rules:
This scenario is the most effective one, but be careful: it will delete all your previously created AppLocker rules!
First you need to stop the enforcement of AppLocker Policies by unchecking the 'Configured' option:
Then reboot the Computer.
After the reboot, open Local Security Policy again. Navigate to AppLocker, right-click and choose 'Clear Policy'. Then reboot the machine again.
Afterwards we will use the Set-AppLockerPolicy cmdlet with the -XMLPolicy parameter to clear what is still remaining. Open a Notepad and paste the below:
Save the file as 'clear.xml' in a directory (for example C:\temp).
Then open PowerShell with elevated rights and navigate to C:\temp
Import the AppLocker PowerShell module with the below command:
And execute the Set-AppLockerPolicy command to clean everything up.
Reboot the machine.
Afterwards, let's say in 90% of the scenarios, the machine will work as it did before AppLocker was enabled. In some very tough circumstances where this didn't resolve the issue I had to clean up the AppLocker directory manually.
Navigate to the directory:
Delete everything (AppCache.dat will not be deleted as it is in use):
Rerun the above PowerShell cleanup and reboot the machine.
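The Option 3 cleanup as one script, with a backup taken first because the step deletes every rule. This is an added example, not the author's script; the working folder, the file names and the empty policy document `<AppLockerPolicy Version="1" />` are assumptions, since the post's own clear.xml content is not shown here.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Assumptions: C:\temp as working folder,
# the file names below, and that enforcement was already unchecked and the
# machine rebooted as described in the steps above.
$WorkDir = 'C:\temp'
$Backup  = Join-Path $WorkDir ('applocker-backup-{0:yyyyMMdd-HHmmss}.xml' -f (Get-Date))
$Clear   = Join-Path $WorkDir 'clear.xml'

Import-Module AppLocker
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# 1. Export the local policy first: clearing is destructive, and this file is
#    the only way to get the rules back afterwards.
$xmlText = Get-AppLockerPolicy -Local -Xml
$xmlText | Set-Content -Path $Backup -Encoding Unicode

# 2. Summarise what is about to be removed, one line per rule collection.
[xml]$before = $xmlText
foreach ($rc in $before.AppLockerPolicy.RuleCollection) {
    '{0,-8} enforcement={1,-13} rules={2}' -f $rc.Type, $rc.EnforcementMode, $rc.ChildNodes.Count
}

# 3. Write the empty policy (assumed content of clear.xml) and apply it.
#    Without -Merge, Set-AppLockerPolicy replaces the local policy.
'<AppLockerPolicy Version="1" />' | Set-Content -Path $Clear -Encoding ASCII
Set-AppLockerPolicy -XmlPolicy $Clear

# 4. Verify that no rule collection still carries rules.
[xml]$after = Get-AppLockerPolicy -Local -Xml
$remaining = @($after.AppLockerPolicy.RuleCollection |
    Where-Object { $_ -and $_.HasChildNodes }).Count
if ($remaining -eq 0) {
    "Local AppLocker policy is empty. Backup: $Backup"
} else {
    Write-Warning "$remaining rule collection(s) still contain rules."
}

# 5. Report the Application Identity service state before the final reboot.
Get-Service -Name AppIDSvc | Select-Object Name, Status, StartType
```

To bring the rules back later, pass the backup file to `Set-AppLockerPolicy -XmlPolicy`.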
Additional information can be found on TechNet: Delete an AppLocker rule
Hope that helps.
Sail ho!
*Cpt
Application Identity (AppIDSvc) Service Defaults in Windows 10
Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
Default Settings
Startup type: | Manual |
Display name: | Application Identity |
Service name: | AppIDSvc |
Service type: | share |
Error control: | normal |
Group: | ProfSvc_Group |
Object: | NT Authority\LocalService |
Path: | %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p |
File: | %SystemRoot%\System32\appidsvc.dll |
Registry key: | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppIDSvc |
Privileges: |
|
Default Behavior
Application Identity is a Win32 service. In Windows 10 it starts only if the user, an application or another service starts it. When the Application Identity service is started, it runs as NT Authority\LocalService in a shared process of svchost.exe along with other services. If Application Identity fails to start, the failure details are recorded in the Event Log. Windows 10 will then start up and notify the user that the AppIDSvc service has failed to start due to the error.
Dependencies
Application Identity cannot be started under any conditions, if the following services are disabled, deleted or working improperly:
While Application Identity is stopped, the Smartlocker Filter Driver service cannot be launched.
Restore Default Startup Configuration for Application Identity
Before you begin doing this, make sure that all the services on which Application Identity depends are configured by default and function properly. See the list of dependencies above.
1. Run the Command Prompt as an administrator.
2. Copy the command below, paste it into the command window and press ENTER:
sc config AppIDSvc start= demand
3. Close the command window and restart the computer.
The AppIDSvc service uses the appidsvc.dll file that is located in the %WinDir%\System32 folder. If the file is changed, damaged or deleted, you can restore its original version from Windows 10 installation media.
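A drift check against the defaults listed above and the appidsvc.dll location, plus a look for logged start failures. This is an added example, not part of the original page; it assumes the service DLL is registered under the `Parameters\ServiceDll` value of the service's registry key (the usual place for svchost-hosted services) and that start failures appear as Service Control Manager events 7000, 7001 or 7023.

```powershell
# Added example: compare the live AppIDSvc configuration with the defaults
# listed on this page and show recent start failures from the System log.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='AppIDSvc'"
if (-not $svc) { Write-Warning 'AppIDSvc is not registered on this machine.'; return }

# Assumption: ServiceDll lives under the Parameters subkey of the service key.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters'
$dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
$expand = { param($s) [Environment]::ExpandEnvironmentVariables($s) }

$checks = @(
    @{ Setting = 'Startup type'; Expected = 'Manual'; Actual = $svc.StartMode }
    @{ Setting = 'Display name'; Expected = 'Application Identity'; Actual = $svc.DisplayName }
    @{ Setting = 'Object'; Expected = 'NT Authority\LocalService'; Actual = $svc.StartName }
    @{ Setting = 'Path'; Actual = $svc.PathName
       Expected = & $expand '%SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p' }
    @{ Setting = 'File'; Actual = $dll
       Expected = & $expand '%SystemRoot%\System32\appidsvc.dll' }
)

$report = foreach ($c in $checks) {
    [pscustomobject]@{
        Setting  = $c.Setting
        Expected = $c.Expected
        Actual   = $c.Actual
        Match    = ($c.Actual -eq $c.Expected)   # -eq ignores case for strings
    }
}
$report | Format-Table -AutoSize -Wrap

# The DLL named in the registry must also exist on disk.
if ($dll -and -not (Test-Path -LiteralPath $dll)) {
    Write-Warning "Service DLL is missing: $dll"
}

# Recent start failures for this service, newest first.
$filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000, 7001, 7023 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Application Identity|AppIDSvc' } |
    Select-Object -First 5 -Property TimeCreated, Id, Message
```

A `False` in the Match column for Path or File is the case to look at first, because it means the service would load from a location other than the default one listed above.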