Im currently experiencing issues trying to apply an applocker script blocking policy.
I am using a Windows 2012 domain controller and trying to apply this to a Windows 7 Hyper V VM to test before applying to our live environment.
My goal is to block *.bat files running on the users desktops and home drives.
I have done the following -
made sure the application identity service is running on server and client
configured the policy - to test ive set a deny policy on my test account and directed it to block the folder i want it to block and i have tried leaving the * at the end to block scripts in the whole folder aswell as adding .bat to the start to set a wildcard.
Ive then enforced the policy.
when i apply this to a test folder its appearing to block all.bat files from running outside of the folder without the usual applocker message stating its been blocked by the system administrator.
When i attempt to run a .bat file cmd will pop up briefly and then go again.
Any thoughts as to what im doing wrong to not generate the usual applocker message? has any used applocker to block scripts before as theres a real dirth in information on the net for blocking bat files using applocker.