Sucky....the MS documentation says this The AppLocker engine can only interpret AppLocker path variables
That's rather...poor, as it only includes machine variables. Suppose you could try this - %OSDRIVE%\USERS\*\APPDATA\LOCAL\TEMP\APPNAME.EXE From: [email protected] [mailto:[email protected]] On Behalf Of Miller Bonnie L. Sent: 19 January 2016 19:52 To: [email protected] Subject: [NTSysADM] Applocker Exe rules I'm working on policies for our Win10 deployment (Surface Pro 4's have been ordered, they only come with 10) and have an applocker question, specifically with executable rules. I can't use standard system variables in the paths, like we have done with Software Restriction Policies. Instead there are some special vars available, but I'm not finding anything for user folders/appdata. Has anyone found a way to define the following with any sort of variable? C:\users\username\appdata\something.exe Specifically, we have a program (onedrive.exe) that is in the user profile path by default, but needs to be blocked for all users, even administrators. With the default rules, the program is blocked for everyone who is a standard user but is allowed for admins. I know I can successfully block programs for admins as I have a similar rule already working that points to the groove.exe location in Program files and it can't be run, but everything I've tried for this one doesn't seem to work as I can't craft a working variable. Am I stuck with hashing this file and every new version? I realize there are options for not even installing some of the default apps that come with 10-we are looking at that as well, but we may want to allow the next gen sync client for some people later, if we ever get to one-to-one. I'm also thinking that we might have a need to use this sort of path to ALLOW an executable to run from a user profile path. Thanks for any and all ideas and suggestions! -Bonnie
