My AppLocker policy appears to be behaving incorrectly, and I need to know if this is the type of behavior I should expect with the way the policy is set up.
Running Windows 2008 R2, with all Windows 7 Ultimate clients. The Application Identity service is enabled and started, and we have successfully used AppLocker for nearly 2 years now. The Executable rules are being enforced, Windows Installer is set to Audit only, and Script rules are not configured. I never edit my policy right from the GPO; I export it to my local desktop, edit it in my local security policy editor, and then export/import it back into my GPO.
I have a screenshot of a basic AppLocker policy that, in my mind, is not applying correctly. With this policy (which I rebuilt as a test), I experience the following results when trying to open a .EXE from this location:
The user account that is a member of the Domain Admin security group gets blocked by the AppLocker policy when trying to launch GoToMeeting.
The user that is a member of the AppLocker group can run GoToMeeting.
The Administrator can launch GoToMeeting.
My path rules that are named All Files simply have an * for the path. The AppLocker PC group contains every PC in the organization except administrative computers, with exceptions for C:\Program Files (x86)\* and C:\Windows\Temp\*.
If I change my Allow rules from the Domain Admin security group to just a user account, it allows the user to launch GoToMeeting, even though they are a member of the Domain Admin group.
What is the "catch all" for an administrative group to be able to install .EXEs using AppLocker?
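A way to reproduce the three results above in one place, as an added example that is not part of the question: evaluate the machine's effective AppLocker policy against the same executable for each account and print the rule that decided each case. The executable path and the account names are assumptions; substitute your own. It also dumps the logged-on administrator's token groups, because AppLocker evaluates group-based rules against the token the process actually runs with, and under UAC the filtered (non-elevated) token marks administrative groups as "Group used for deny only", which does not satisfy an Allow rule.

```powershell
# Added example (not from the post). Assumed values: the path to the blocked .EXE and
# the three account names that produced the differing results.
$exe   = 'C:\Program Files (x86)\GoToMeeting\g2mstart.exe'              # assumed path
$users = 'CONTOSO\domainadminuser', 'CONTOSO\applockeruser', 'CONTOSO\Administrator'  # assumed accounts

# Effective policy = merged result of the local policy and all applied GPOs on this PC.
# Run this on one of the affected Windows 7 clients, not on the domain controller.
$policy = Get-AppLockerPolicy -Effective

foreach ($u in $users) {
    # Test-AppLockerPolicy returns the decision (Allowed / Denied / ...) and the rule that
    # matched, so the three rows show which path rule or exception decided each account.
    Test-AppLockerPolicy -PolicyObject $policy -Path $exe -User $u |
        Select-Object @{ Name = 'User'; Expression = { $u } }, FilePath, PolicyDecision, MatchingRule
}

# Check the group membership of the running token. Under UAC, a non-elevated admin's
# token lists groups such as Domain Admins with the attribute "Group used for deny only",
# so a rule that allows that group does not apply to the non-elevated process.
whoami /groups
```

Compare the `whoami /groups` output for the same account in a normal and an elevated ("Run as administrator") console: the group attributes differ even though the membership is identical, which is the distinction to look for when a group-based Allow rule appears to be ignored while a per-user rule works.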