AppLocker Audit vs. Enforced mode



Sami Laiho has been a Microsoft Most Valuable Professional (MVP) since 2011 and one of the world's leading IT experts for Windows and security. He has been teaching OS troubleshooting, management, and security since 1996. In 2019 TiVi-magazine chose Sami as one of the top 100 influencers in IT in Finland. For more info, go to https://samilaiho.com.




Until now, we have only been auditing. Audit mode only adds event log entries for apps that would have been blocked if AppLocker were in Enforced mode. When you move to Enforced mode, you need to be ready to react quickly. When a client can't run something it needs, you have a few options:

  • Make the app work by moving it to a trusted path.

  • Sign the app and trust your own code signing certificate.

  • Create an AppLocker rule to allow the app.

  • Sometimes the problem needs to be solved super-fast, or the person having it is a VIP whose support we really need for the project. There's nothing more important than having management buy in on things like this, so you don't want to kill AppLocker in the beginning by angering VIPs or stopping people from being productive.


What I recommend is that you create a new policy that you use for enforcing AppLocker and keep another policy for auditing. You ..
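As an added example (not from Sami's post), here is a PowerShell snippet that reads the audit-mode events described above, shows which files would have been blocked and by whom, and drafts allow rules from them for review; it assumes the standard AppLocker event log names and event IDs and that the audit policy has already been applied to the client.

```powershell
# Added example (not from the original post): summarise what AppLocker's audit
# mode has been logging, so you know what will break before a policy is
# switched to Enforced. Run in an elevated PowerShell session on a client that
# has had the audit policy applied for a while.

# AppLocker event IDs in the "EXE and DLL" log: 8002 allowed, 8003 would have
# been blocked (audit), 8004 blocked (enforced). "MSI and Script" uses 8005/8006/8007.
$logs = @(
    'Microsoft-Windows-AppLocker/EXE and DLL',
    'Microsoft-Windows-AppLocker/MSI and Script'
)
$auditIds = 8003, 8006

# 1. Pull audit-only events from both logs for the last 30 days.
$events = foreach ($log in $logs) {
    Get-WinEvent -FilterHashtable @{
        LogName   = $log
        Id        = $auditIds
        StartTime = (Get-Date).AddDays(-30)
    } -ErrorAction SilentlyContinue
}

# 2. Count how often each file would have been blocked and who ran it, so the
#    noisiest cases (and any VIP) are handled before enforcement starts.
$events |
    ForEach-Object {
        [pscustomobject]@{
            User = $_.UserId
            # The 8003/8006 message text begins with the evaluated file path.
            Path = ($_.Message -split '\s+was allowed')[0]
        }
    } |
    Group-Object Path | Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'Users'; e = { ($_.Group.User | Select-Object -Unique) -join ',' } } |
    Format-Table -AutoSize

# 3. Draft allow rules from the audited files for review: publisher rules for
#    signed binaries, hash rules for the rest. This only writes an XML file;
#    review it and deploy it via the separate enforcement policy.
$audited = Get-AppLockerFileInformation -EventLog `
    -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited
if ($audited) {
    New-AppLockerPolicy -FileInformation $audited -RuleType Publisher, Hash `
        -User Everyone -Optimize -Xml |
        Set-Content -Path "$env:TEMP\applocker-draft-allow.xml"
}
```

The drafted XML is a starting point only: check each generated rule against the options above (trusted path, your own signing certificate, or an explicit rule) before merging it into the enforcement policy.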
