Solved

Create AppLocker rule in GPO for a local user account

Posted on 2015-01-30
3
513 Views
Last Modified: 2015-02-06
I would like to create an applocker rule in a GPO that applies to a local user that has been created on a group of machines.  When I assign an applocker rule, it doesn't let me enter a user, but forces me to select a domain user or a local user that exists on the machine I am using to edit the GPO.

I tried just creating the user on my machine I am using to edit the GPO, but it seems to tie the rule to the SID for that account on that computer which certainly wouldn't be the same SID on all of the other computers.  They would have different SID's for the local account.

How can I apply an applocker rule to a local user in a GPO?
0
Comment
Question by:gacus
3 Comments
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40580645
you can't create a GPO for a local account
GPO is applied to an OU which implies domain accounts
0
 
LVL 1

Author Comment

by:gacus
ID: 40580660
That is not true.  GPO apply to either to computers or users(domain accounts).  In this case the Applocker policy applies to the computer machine policy.  Within the Applocker policy rules you can select the users that this applies to.  You can clearly select "Everyone" which includes local users and the (LOCAL) BUILTIN\Administrator.  I just want to specify a different local account.

All of my computers that I am referring to are joined to the domain and I am applying the policy to the machine.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40582766
You can't apply to Applocker rule to single local user account from domain based GPO

Your rule will be applied to all local users including administrator on specific group of machines (when you apply rule to everyone) and to domain users who will logon to those machines

Even if you use conventional software restriction policies, it will behave in same way
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

The reason that corporations and businesses use Windows servers is because it supports custom modifications to adapt to the business and what it needs. Most individual users won’t need such powerful options. Here I’ll explain how you can enable Wind…
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
The goal of this Micro Tutorial is to help navigate beginning users with the app store on Windows 8. It will explain exciting features how to maximize your PC through these apps. This will be demonstrated using Windows 8 operating system.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now