Using AppLocker with a legacy logon script from NETLOGON


Hi, me again!

I am working hard to get AppLocker to work with legacy logon scripts from the NETLOGON share.

I use a path rule to allow the start of the bat file.

What I've tried so far:

  • \\domain.name\netlogon
  • \\domain.name\netlogon\*
  • \\domain\netlogon
  • \\domain\netlogon\*
  • \\everysingledc\netlogon
  • \\everysingledc\netlogon\*

I have tried the %logonserver% variable (which doesn't work, as AppLocker doesn't support the variable).

Can anyone help me with this? It doesn't seem to work. Has anyone got a solution?

Thanks in advance, appreciated.

david

Hi Kevin,

Thanks for the reply.

The script and executable rules are in place, as they have to be. I have to say, it's not the first time I use AppLocker, but it sure is the first time it doesn't want to.

I have deleted the old AppLocker GPO and restarted from scratch. I created the default rules, and had the wizard automatically generate rules for NETLOGON and SYSVOL.

All executables and scripts that are supposed to be called are included in the new rules; I have checked that.

The default executable rule for the Windows folder doesn't work with the "%windir%\system32\windowspowershell\v1.0\powershell.exe" exception. Meaning, I can still call PowerShell. At least it used to work; somehow I managed to break that.

What's weird is that I created a new AppLocker GPO with wizard rules and it still doesn't work.

Any other suggestions?

cheers,

david


david rees-clark

Edit: I have edited the AppLocker GPO to work with the legacy logon script. What I've done:

  • Added every single DC via \\dc\netlogon and \\dc\sysvol using the rule wizard, both in Executable and in Script

This seems to have solved the problem. The logon script works now, and AppLocker is in place for any executable a user might download.

The only thing left is PowerShell. That's another topic.

Thanks for hanging in with me.

david
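
The fix described in the edit above (one path rule per domain controller for NETLOGON and SYSVOL, in both the Executable and Script collections) can also be generated as AppLocker policy XML instead of clicking through the rule wizard. This is an added example, not part of the original thread; the function name, DC host names, output file name and `logon.bat` are assumptions, and the policy is built in audit mode by default.

```powershell
# Added example: builds AppLocker path rules for \\<dc>\netlogon\* and \\<dc>\sysvol\*.
# The DC names used below are constructed placeholders; in a domain they could come from
# (Get-ADDomainController -Filter *).HostName  (ActiveDirectory module).
function New-DcShareAppLockerPolicy {    # hypothetical helper name
    param(
        [Parameter(Mandatory)][string[]]$DomainController,
        [string[]]$Share = @('netlogon', 'sysvol'),
        [string[]]$Collection = @('Exe', 'Script'),
        [string]$UserOrGroupSid = 'S-1-1-0',    # Everyone
        [ValidateSet('AuditOnly', 'Enabled')][string]$EnforcementMode = 'AuditOnly'
    )
    $xml  = New-Object System.Xml.XmlDocument
    $root = $xml.AppendChild($xml.CreateElement('AppLockerPolicy'))
    $root.SetAttribute('Version', '1')
    foreach ($type in $Collection) {
        $rc = $root.AppendChild($xml.CreateElement('RuleCollection'))
        $rc.SetAttribute('Type', $type)
        $rc.SetAttribute('EnforcementMode', $EnforcementMode)
        foreach ($dc in $DomainController) {
            foreach ($s in $Share) {
                # AppLocker has no %logonserver% equivalent, so each DC gets a literal UNC rule
                $path = "\\$dc\$s\*"
                $rule = $rc.AppendChild($xml.CreateElement('FilePathRule'))
                $rule.SetAttribute('Id', [guid]::NewGuid().ToString())
                $rule.SetAttribute('Name', "Allow $path")
                $rule.SetAttribute('Description', 'Logon script share on a domain controller')
                $rule.SetAttribute('UserOrGroupSid', $UserOrGroupSid)
                $rule.SetAttribute('Action', 'Allow')
                $cond = $rule.AppendChild($xml.CreateElement('Conditions'))
                $fpc  = $cond.AppendChild($xml.CreateElement('FilePathCondition'))
                $fpc.SetAttribute('Path', $path)
            }
        }
    }
    return $xml
}

# Constructed sample input: two placeholder DC names
$policy = New-DcShareAppLockerPolicy -DomainController 'dc01.example.test', 'dc02.example.test'
$policy.Save("$PWD\dc-share-rules.xml")

# Check a script path against the generated rules before merging them into the GPO
# (logon.bat is a placeholder name):
# Test-AppLockerPolicy -XmlPolicy .\dc-share-rules.xml -Path '\\dc01.example.test\netlogon\logon.bat' -User Everyone
```

Path rules allow anything stored under the listed shares, so they are only as strong as the write permissions on NETLOGON and SYSVOL. The rule list also has to be regenerated whenever a domain controller is added or renamed.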


