I am working with Windows 7 x86 Enterprise machines and trying to configure AppLocker for different application development teams. We do not want them to have full administrative access to their machines but we do want them to have control over their programs.
One of the teams needs to be able to adjust regedit.exe (HKLM > Software > Oracle) binaries. I have set the Application Identity service to auto start on boot and made sure AppLocker properties had a check next to configured for executables and enforce rules.
I imported the default rules and added a PATH rule for regedit.exe and allowed for a specific domain user. I have also set the allow for all files in the windows folder for the domain user.
The problem is this doesn't work and they still get errors when trying to change keys in the registry. Any advice? We do not have Group Policy set for Applocker. I am thinking if it isn't defined then it isn't managed. Would a GPO have to be created before this would work?