Is not deployed via GPO (local policy only) and "Local Service" has full control over the folder. Where this error is the result of applocker being deployed by GPO where either the GPO store is too large (exceeds 100mb) or the folder C:\Windows\System32\config\TxR having incorrect permissions for "Local Service" neither are true in my case. Which has lead me to a few threads on technet The interesting thing I have found is that if I attempt to run appidpolicyconverter.exe manually it DOES log an error in the event log "AppID policy conversion failed. I have verified the integrity of the necessary files: I've taken the step to have the nonfunctional system export its rule set and run a text comparison tool against both. All are identical and the other 4 are functioning exactly This particular system is 1/5 members of our RDS farm. With that said, I'm quite familiar with the configuration aspects, I've got AppLocker running on many of the other systems in our environment. In an effort to not clutter this thread up more than it is, is there a specific section you are interested I'm happy to upload or post its contents but theres a lot of information in there. I have run gpresult /h and outputted it to an html file. Please note, applocker IS NOT being deployed via GPO in our environment, rather a local security policy via secpol.msc I'm not sure what else to try on this system. There are no differences in GPO settings between the working and not working systems.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |