Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Hard_Configurator Tools
Applocker on Windows Home part 2.
Message
<blockquote data-quote="Andy Ful" data-source="post: 1028202" data-attributes="member: 32260"><p>This thread is about a different method of applying the AppLocker policies on Windows Home. The first method was discussed in the thread:</p><p>[URL unfurl="false"]https://malwaretips.com/threads/applocker-on-windows-home.118614/[/URL]</p><p>It was based on MDM WMI Bridge implemented in PowerShell.</p><p></p><p><strong><span style="color: rgb(0, 168, 133)">In this thread, I am going to use the GPO policies.</span></strong></p><p>Yes, the GPO Applocker policies can work well on Windows 10 Home without GPO!!!</p><p></p><p><strong>How to do it.</strong></p><p>One has to use the binary policies made on the computer with Windows Pro (Appx.AppLocker, Dll.AppLocker, Exe.AppLocker, Msi.AppLocker, Script.AppLocker). They are located in the directory:</p><p>%WinDir%\System32\Applocker</p><ol> <li data-xf-list-type="ol">Copy these 5 policies to the computer with Windows 10 Home (into %WinDir%\System32\Applocker).</li> <li data-xf-list-type="ol">Open the PowerShell console with Administrator rights and set the AppIDSvc service to automatic:<br /> <span style="color: rgb(41, 105, 176)"><strong>sc.exe config appidsvc start= auto</strong></span></li> <li data-xf-list-type="ol">Add the registry keys (the second key is QWORD):<br /> <strong><span style="color: rgb(41, 105, 176)">[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]<br /> "RuleCount"=dword:00000002<br /> "LastWriteTime"=hex(b):01,00,00,00,00,00,00,00</span></strong></li> <li data-xf-list-type="ol">Restart the computer.</li> </ol><p>[ATTACH=full]273380[/ATTACH]</p><p></p><p></p><p>[ATTACH=full]273379[/ATTACH]</p><p></p><p>The AppLocker protection can be turned OFF/ON by changing the registry value:</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp]</p><p>"RuleCount"=dword:00000002</p><p></p><p>If it is equal to 0 then AppLocker is turned OFF. If it is equal to 2, then AppLocker is turned ON.</p><p></p><p>WARNING:</p><ul> <li data-xf-list-type="ul">When AppLocker is turned ON, the SRP automatically turns itself OFF. So, the restrictions made by SimpleWindowsHardening or Hard_Configurator will not work with AppLocker.</li> <li data-xf-list-type="ul">This method is incompatible with AppLocker introduced via MDM WMI Bridge (MDM policies should be removed from the AppLocker directory).</li> </ul><p></p><p>The method presented in this thread is new, so please test it first in the Virtual Machine.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 1028202, member: 32260"] This thread is about a different method of applying the AppLocker policies on Windows Home. The first method was discussed in the thread: [URL unfurl="false"]https://malwaretips.com/threads/applocker-on-windows-home.118614/[/URL] It was based on MDM WMI Bridge implemented in PowerShell. [B][COLOR=rgb(0, 168, 133)]In this thread, I am going to use the GPO policies.[/COLOR][/B] Yes, the GPO Applocker policies can work well on Windows 10 Home without GPO!!! [B]How to do it.[/B] One has to use the binary policies made on the computer with Windows Pro (Appx.AppLocker, Dll.AppLocker, Exe.AppLocker, Msi.AppLocker, Script.AppLocker). They are located in the directory: %WinDir%\System32\Applocker [LIST=1] [*]Copy these 5 policies to the computer with Windows 10 Home (into %WinDir%\System32\Applocker). [*]Open the PowerShell console with Administrator rights and set the AppIDSvc service to automatic: [COLOR=rgb(41, 105, 176)][B]sc.exe config appidsvc start= auto[/B][/COLOR] [*]Add the registry keys (the second key is QWORD): [B][COLOR=rgb(41, 105, 176)][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp] "RuleCount"=dword:00000002 "LastWriteTime"=hex(b):01,00,00,00,00,00,00,00[/COLOR][/B] [*]Restart the computer. [/LIST] [ATTACH type="full" alt="1678127679074.png"]273380[/ATTACH] [ATTACH type="full" alt="1678127402275.png"]273379[/ATTACH] The AppLocker protection can be turned OFF/ON by changing the registry value: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Srp\Gp] "RuleCount"=dword:00000002 If it is equal to 0 then AppLocker is turned OFF. If it is equal to 2, then AppLocker is turned ON. WARNING: [LIST] [*]When AppLocker is turned ON, the SRP automatically turns itself OFF. So, the restrictions made by SimpleWindowsHardening or Hard_Configurator will not work with AppLocker. [*]This method is incompatible with AppLocker introduced via MDM WMI Bridge (MDM policies should be removed from the AppLocker directory). [/LIST] The method presented in this thread is new, so please test it first in the Virtual Machine. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
