
AppLocker Rules with Publisher Conditions Cannot be Automatically Generated for Digitally Signed Scripts

Updated: September 24, 2009

Applies To: Windows 7, Windows Server 2008 R2

This article describes a known issue in AppLocker where script files digitally signed by publishers cannot be used by the Automatically Generate Rules wizard to create a rule with publisher conditions.

This article applies to the following operating systems:

  • Windows® 7

  • Windows Server® 2008 R2

When running the Automatically Generate Rules wizard for AppLocker, or the AppLockerPolicy PowerShell cmdlet, AppLocker will not create rules with publisher conditions for script files that are digitally signed by a software publisher.

The Automatically Generate Rules wizard will only create rules with publisher conditions when the application file in question contains a product name, and digitally signed scripts do not include product names. As a result, the wizard will not create publisher conditions for signed scripts.

Instead of creating publisher conditions for the signed scripts, the Automatically Generate Rules wizard for AppLocker, or the AppLockerPolicy PowerShell cmdlet, will create conditions based on the path or file hash preferences that you have previously specified for files that are not signed. Alternatively, you can create a rule for the script using the Single Rule wizard. Once a single rule has been created for the script, all of that publisher’s signed scripts can then be executed.
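
To find the signed scripts affected by this issue before relying on generated rules, the following added example (not part of the original article) inventories a script directory, flags validly signed scripts for which AppLocker reports no product name, and tallies the condition types in the generated policy. It assumes the cmdlets in question are `Get-AppLockerFileInformation` and `New-AppLockerPolicy` from the AppLocker module; `C:\Scripts` is a hypothetical path.

```powershell
# Added example, not Microsoft's code. $ScriptRoot is a hypothetical path.
Import-Module AppLocker

$ScriptRoot = 'C:\Scripts'
$extensions = '.ps1', '.bat', '.cmd', '.vbs', '.js'   # file types covered by script rules

$files = Get-ChildItem -Path $ScriptRoot -Recurse |
    Where-Object { -not $_.PSIsContainer -and $extensions -contains $_.Extension.ToLower() }

$fileInfo = @()
$report = foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $fi  = Get-AppLockerFileInformation -Path $file.FullName
    $fileInfo += $fi

    # The automatic generator needs a product name to build a publisher condition.
    $product = $null
    if ($fi.Publisher) { $product = $fi.Publisher.ProductName }

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Path        = $file.FullName
        Signature   = $sig.Status
        Signer      = $signer
        ProductName = $product
        # Validly signed, but no product name: expect a hash or path condition.
        NeedsManual = ($sig.Status -eq 'Valid' -and [string]::IsNullOrEmpty($product))
    }
}

# Signed scripts that need a manually created publisher rule.
$report | Where-Object { $_.NeedsManual } | Select-Object Path, Signer | Format-Table -AutoSize

if (-not $fileInfo) { return }   # nothing to generate rules for

# Generate rules preferring publisher conditions, falling back to file hash,
# then count how many script rules of each condition type were produced.
[xml]$policy = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash -User Everyone -Xml
$scriptRules = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Script' }
# LocalName is used because each rule's Name attribute shadows the element name.
$scriptRules.ChildNodes | Group-Object LocalName | Select-Object Name, Count
```

Scripts listed with `NeedsManual` set are the candidates for a rule created with the Single Rule wizard; hash conditions generated for them have to be regenerated whenever the script content changes.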
