From time to time I consult customers on the configuration of Windows 10 AppLocker. I really love AppLocker because it’s super simple, reliable and enterprise ready in terms of administrative overhead. Furthermore it’s the recommended tool for blocking unwanted or unneeded apps within Windows 10. But sometimes AppLocker kind of “breaks” my Windows 10 start menu and stops apps from starting up, although AppLocker enforcement is disabled.
This scenario happened very often to me because I handled AppLocker the wrong way after my workshops. When I was done with the demo I just deleted the policies and disabled the service in one step, which is the actual cause of AppLocker kind of breaking afterwards. The explanation can be found in the TechNet article below:
Problem: AppLocker Rules Still Enforced After the Service is Stopped
But what can we do? There are several ways that can resolve this issue.
Option 1: Create Default Rules
When you configure AppLocker to run but don’t want anything to be restricted yet, you will probably start with this step anyway. So click on each of the categories “Executable Rules”, “Windows Installer Rules”, “Script Rules” and “Packaged app Rules” and choose “Create Default Rules”.
COMPUTER > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker > Packaged app Rules
Right-click and choose Create Default Rules.
That allows Everyone to run All signed packaged apps.
After that configure AppLocker policies to be enforced and restart the computer.
After the reboot open services.msc, search for the “Application Identity” service and make sure it is in the “Running” state.
There is a chance that this has fixed your client.
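To check whether Option 1 actually took effect, the following PowerShell snippet (an added example, not from the original post) reads the effective AppLocker policy, the state of the Application Identity service, tests a few well-known binaries against the policy and lists recent block events. The AppLocker cmdlets, the AppIDSvc service name and the AppLocker event log names are real Windows components; the list of test paths is my own choice and the session is assumed to be elevated.

```powershell
# Verification helper for the state of AppLocker on a client (added example).
# Run from an elevated PowerShell session.
Import-Module AppLocker

# 1. The Application Identity service must be running for AppLocker to evaluate rules.
$svc = Get-Service -Name AppIDSvc
"Application Identity service: $($svc.Status) (StartType: $($svc.StartType))"

# 2. Show the enforcement mode and rule count of every rule collection in the
#    effective (merged local + domain) policy.
$policy = Get-AppLockerPolicy -Effective
$policy.RuleCollections |
    Select-Object RuleCollectionType, EnforcementMode, Count |
    Format-Table -AutoSize

# 3. Simulate what the effective policy would decide for some binaries that the
#    start menu and shell depend on. These paths are assumptions for the demo.
$testPaths = @(
    "$env:windir\System32\calc.exe",
    "$env:windir\System32\notepad.exe",
    "$env:windir\explorer.exe"
)
Test-AppLockerPolicy -PolicyObject $policy -Path $testPaths -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 4. Recent block events: 8004 = EXE blocked in the "EXE and DLL" log,
#    8022 = packaged app blocked in the "Packaged app-Execution" log.
$logs = @{
    'Microsoft-Windows-AppLocker/EXE and DLL'            = 8004
    'Microsoft-Windows-AppLocker/Packaged app-Execution' = 8022
}
foreach ($log in $logs.Keys) {
    Get-WinEvent -LogName $log -MaxEvents 50 -ErrorAction SilentlyContinue |
        Where-Object Id -eq $logs[$log] |
        Select-Object TimeCreated, Id, Message -First 5
}
```

If the service shows as running, every collection reports NotConfigured (or AuditOnly) and the test binaries come back as Allowed, the policy is no longer the cause of blocked apps; block events in the logs after that point mean stale rules are still being applied and Option 3 is the next step.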
Option 2: DISM – Restore Health
It has never fixed the problem for me, but some of my colleagues told me that another way is to use DISM with the parameters /Cleanup-Image and /RestoreHealth, so open an elevated PowerShell console and type in:
DISM /Online /Cleanup-Image /RestoreHealth
This will scan the image for corruption (further information can be found here). Depending on the size and performance of the machine this can take very long. Afterwards you need to reboot.
Option 3: Clean up AppLocker Directory and delete AppLocker rules:
This scenario is the most effective one, but be careful: it will delete all your previously created AppLocker rules!
First you need to stop the enforcement of AppLocker Policies by unchecking the “Configured” option:
Then reboot the Computer.
After the reboot open Local Security Policy again. Navigate to AppLocker, right-click and choose “Clear Policy”. Then reboot the machine again.
Afterwards we will use the Set-AppLockerPolicy cmdlet with the -XMLPolicy parameter to clear what is still remaining. Open a Notepad and paste the below:
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
Save the file as “clear.xml” in a directory (for example C:\temp).
Then open PowerShell with elevated rights and navigate to C:\temp
Import the AppLocker PoSh module with the below command:
And execute the Set-AppLockerPolicy command to clean everything up.
Set-AppLockerPolicy -XMLPolicy .\clear.xml
Reboot the machine.
Afterwards, let’s say in 90% of the scenarios, the machine will work as it did before AppLocker was enabled. In some very tough circumstances where this didn’t resolve the issue I had to clean up the AppLocker directory manually.
Navigate to the directory:
Delete everything (AppCache.dat will not be deleted as it is in use):
Rerun the above PowerShell cleanup and reboot the machine.
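The whole of Option 3 from the XML file onwards, written as one PowerShell script (an added example, not the author’s own script): it writes the clearing policy, applies it with Set-AppLockerPolicy, optionally empties the AppLocker directory and then prompts for the reboot. Compared with the XML in the post it also adds an "Appx" collection for packaged app rules, which is my addition; C:\temp as working directory comes from the post, and %windir%\System32\AppLocker is the directory mentioned in the comments. The session is assumed to be elevated.

```powershell
# Clear all AppLocker rule collections and (optionally) the cached policy files.
# Added example; run from an elevated PowerShell session.
param(
    # Pass -CleanDirectory to also delete the files under %windir%\System32\AppLocker.
    [switch]$CleanDirectory
)

Import-Module AppLocker

$workDir  = 'C:\temp'
$clearXml = Join-Path $workDir 'clear.xml'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# NotConfigured for every collection; "Appx" (packaged apps) is added here
# because that collection is the one the comments blame for broken start menus.
@'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@ | Set-Content -Path $clearXml -Encoding ASCII

# Without -Merge the XML replaces the local policy instead of being merged into it.
Set-AppLockerPolicy -XMLPolicy $clearXml
"Local AppLocker policy replaced with $clearXml"

if ($CleanDirectory) {
    $appLockerDir = Join-Path $env:windir 'System32\AppLocker'
    Get-ChildItem -Path $appLockerDir -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                Remove-Item -Path $_.FullName -Force -ErrorAction Stop
                "Deleted $($_.FullName)"
            }
            catch {
                # AppCache.dat is normally locked by the service and stays behind.
                Write-Warning "Could not delete $($_.FullName): $($_.Exception.Message)"
            }
        }
}

# The cached policy is only discarded after a reboot.
Restart-Computer -Confirm
```

Run it once without -CleanDirectory and reboot; if apps are still blocked, run it again with -CleanDirectory, which is the manual directory cleanup from the post followed by the same policy reset.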
Additional information can be found on TechNet: Delete an AppLocker rule
Hope that helps.
The last solution works perfectly for me. Thanks
Wow, I thought I had completely hosed my machine — I was testing Applocker a few months ago, and recently removed and readded my computer to the domain and suddenly couldn’t run certain programs like calc.exe and Windows Defender. I did all the steps and the last step worked for me as well.
Thank you very much. You’ve saved my… day 😉
The applocker seems to be a nice idea, but it is SO broken.
My client wanted to limit the user access only to an ERP app, so I did some testing with Applocker, but it messed up the newly installed system so badly. The rules weren’t cleaned and they were applied even after deleting.
BAD BAD microsoft here…
How to deactivate AppLocker in my computer windows10
You can clear all policies
You pretty much saved my complete environment. I accidentally remove the default application rules from my domain wide AppLocker policy…
So ALL programs stopped working after updating the policy. Including such programs as shutdown gpupdate and such. Deleting the contents of the applocker folder let me repair those clients which restarted before windows pulled the new policy which included the default rules.
Thanks, you saved me also, the last step of clearing out the applocker folder was required so that I didn’t get stuck with a black screen. Many thanks.
Guys … I tried writing a script to disable the applocker through command prompt but it failed … If we can remove this, it’s so much easier ^^
Holy **** after ripping my hair out for hours, deleting the files from %windir%\System32\AppLocker\ finally fixed my issue. If you ever go from rules defined in GPO applied to the wrong machine, and then fix the GPO rule to exclude that machine, no amount of hackery ever gets it back apparently!
Thank you! Option 3 got me back to normal. I won’t touch AppLocker again.
#3 fixed it for me…. extremely weird that AppLocker worked even without AppIDSvc running in the background….
man, you are great! your solutions helped. thanks a lot!
Damn, thank you so much for this post. This saved my day! I enabled applocker on Windows 11 not realizing it was a whitelist tool. I initially enabled the default policies, but realized it wasn’t doing what I expected. Machine rebooted at some point and my taskbar, windows search, and start menu were trashed. Took a bit of digging to figure out it was the app locker policies. Deleting the files from the system32\applocker folder ended up fixing it for me.
Thank you again!!!
It’s the packaged apps part of Applocker that causes this.
Just having the Applocker GPO enabled and applied, despite nothing inside it being enforced or turned on, was enough to break Windows 10 start menu apps on the client machine.
I think this was caused by a previous applocker GPO having been deleted outright, instead of being disabled first.
Either way, the solution I found was to create default rules in ‘packaged app rules’ and then configure/enforce packaged app rules.
But this was to fix a client machine on a local domain. Running applocker directly on Win10 may be different.
Option 3 got me back, I love you, GOD it wanted to ruin my day 🙂