Jan 25 2023 07:42 AM - edited Jan 25 2023 07:42 AM
Hello!
We are using AppLocker via CSP (AppLocker CSP - Windows Client Management | Microsoft Learn) and it has been working great for years. But for some reason it recently stopped working with updates. If I publish a new XML, the device will get the XML. I can verify it by looking at the XML files in c:\Windows\system32\AppLocker\MDM\x\x\Applocker\ApplicationLaunchRestrictions\x\ and then the corresponding folder for each type, but it won't apply until I remove all .policy files in c:\Windows\system32\AppLocker.
Can anyone help me understand why I need to delete those files in order to get it working?
Jan 26 2023 12:47 PM
Not sure why it's failing to reapply, but possibly you could take a look at this PowerShell to go about clearing the local policy. Could be a possible workaround to purge the .policy files.
How to clear a local Applocker policy
Only other thought is that possibly during a previous update, some bad policy value got set which ends up clogging the XML from properly refreshing. Only way to know that would be to backtrack through the updates, or possibly restart with a fresh policy config rather than continuing to update the existing.
Please upvote and accept this thread as answered if it's helpful, thanks!
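Added example, not part of either post and not Microsoft's code: a read-only PowerShell check for the symptom described in the thread, comparing when the MDM-delivered files last changed against the `.policy` files in the AppLocker folder. The function name `Get-AppLockerPolicyStaleness` is hypothetical, and treating an older `.policy` timestamp as "stale" is an assumption drawn from the behaviour reported above, not documented AppLocker behaviour.

```powershell
# Added diagnostic sketch: read-only, changes nothing on the device.
# Paths come from the original post; the "x" folders in the MDM path vary
# per device, so the MDM tree is searched recursively instead of spelled out.
function Get-AppLockerPolicyStaleness {
    param(
        [string]$PolicyDir = "$env:windir\System32\AppLocker",
        [string]$MdmDir    = "$env:windir\System32\AppLocker\MDM"
    )

    # Newest file delivered through the CSP (the XML the post says does arrive).
    $newestMdm = Get-ChildItem -Path $MdmDir -Recurse -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTimeUtc -Descending |
        Select-Object -First 1

    if (-not $newestMdm) {
        Write-Warning "No files found under $MdmDir"
        return
    }

    # .policy files sitting directly in the AppLocker folder (the ones the
    # poster had to delete before the new XML took effect).
    Get-ChildItem -Path $PolicyDir -Filter '*.policy' -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                PolicyFile    = $_.Name
                PolicyWritten = $_.LastWriteTimeUtc
                NewestMdmFile = $newestMdm.FullName
                MdmWritten    = $newestMdm.LastWriteTimeUtc
                # Assumption: a .policy file older than the newest MDM file
                # has not been regenerated since that file was delivered.
                Stale         = $_.LastWriteTimeUtc -lt $newestMdm.LastWriteTimeUtc
            }
        }
}

# Run from an elevated prompt so the System32 subfolders are readable.
Get-AppLockerPolicyStaleness | Format-Table -AutoSize
```

Capturing this output before and after a publish, and before deleting anything, records whether the `.policy` files were being rewritten at all.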
Jan 26 2023 10:59 PM