WEM Security Executable Rules are not working as expected

Article ID: CTX583966

Updated On:

Description

AppLocker rules configured through Citrix Workspace Environment Management (WEM) under Security -> Executable Rules are not enforced on the target machine as expected.
 

Resolution

WEM is only the delivery mechanism: it pushes a Windows AppLocker policy to the target machine, and AppLocker itself evaluates and enforces the rules. The same policy can be configured through Group Policy, and the AppLocker functionality is owned by Microsoft, so AppLocker's own behaviour and limitations apply to rules deployed by WEM.

The issue can occur due to misconfigurations in the WEM Console:
  • The target user is a member of the Administrators group.
    • If the target user is a member of the local Administrators group, the specified applications remain unrestricted even when the rule is assigned to the intended user group. This is because the AppLocker default rule allows members of BUILTIN\Administrators to run executables from any file location, so Executable Rules cannot restrict a user who is a local administrator.
 
  • The 'Overwrite' option was selected instead of 'Merge'.
    • AppLocker policy is machine-wide, not per-user. On a multi-session operating system, selecting 'Overwrite' causes the rules processed for the user who logs on last to replace the rules that were applied for the users already logged on to the same machine. Select 'Merge' so that the rule sets for all users of the machine are combined instead of replaced.
 
  • The 'Path' value in the Executable Rule is enclosed in double quotation marks.
    • If the 'Path' value of an Executable Rule is enclosed in double quotation marks (for example "C:\Program Files\App\app.exe" instead of C:\Program Files\App\app.exe), the rule is not applied. This behaviour is not specific to WEM; the same happens with a rule deployed through GPO.

To check whether the policy reached the target machine, an administrator can inspect the following registry key, where AppLocker stores the deployed executable rules (one subkey per rule), and then correct the rule in the WEM Console if it is missing or its Path is wrong: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe
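The registry check above can be scripted. The following PowerShell is added here as an example and is not part of the Citrix article: it reads the Exe collection from that key, lists every deployed rule, and flags the quoted-path and administrator-membership causes described in the Resolution. It assumes the standard AppLocker registry layout (one subkey per rule, the rule XML in a REG_SZ named Value, an optional EnforcementMode DWORD) and the Microsoft AppLocker PowerShell module; the notepad.exe path in the final check is only a sample target to test against.

```powershell
# Added diagnostic script (not part of the Citrix article). Reads the AppLocker
# Exe collection that WEM writes to the registry and flags the misconfigurations
# described above. Assumes the usual SrpV2 layout: one subkey per rule under
# ...\SrpV2\Exe, each holding the rule XML in a REG_SZ value named "Value",
# plus an optional EnforcementMode DWORD on the collection key itself.

$exeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe'

function Get-WemExeRules {
    if (-not (Test-Path $exeKey)) {
        Write-Warning "No Exe collection under $exeKey - WEM has not pushed any Executable Rules to this machine."
        return
    }
    foreach ($sub in Get-ChildItem -Path $exeKey) {
        $xml  = [xml](Get-ItemProperty -Path $sub.PSPath).Value
        $rule = $xml.DocumentElement                      # FilePathRule / FilePublisherRule / FileHashRule
        $path = $rule.Conditions.FilePathCondition.Path   # $null for publisher and hash rules
        [pscustomobject]@{
            Id         = $rule.Id
            Name       = $rule.Name
            Action     = $rule.Action                     # Allow or Deny
            Sid        = $rule.UserOrGroupSid
            Path       = $path
            QuotedPath = [bool]($path -and $path.Trim().StartsWith('"'))
        }
    }
}

# Enforcement mode of the collection: 1 = Enforce rules, 0 = Audit only,
# absent = Not configured (AppLocker then ignores the rules in this collection).
$mode = (Get-ItemProperty -Path $exeKey -ErrorAction SilentlyContinue).EnforcementMode
switch ($mode) {
    1       { 'Exe collection: Enforce rules' }
    0       { 'Exe collection: Audit only - violations are logged, not blocked' }
    default { 'Exe collection: enforcement mode not configured' }
}

$rules = Get-WemExeRules
$rules | Format-Table Name, Action, Sid, Path, QuotedPath -AutoSize

# Cause 3: a Path wrapped in double quotes never matches, under WEM or GPO.
$rules | Where-Object QuotedPath | ForEach-Object {
    Write-Warning "Rule '$($_.Name)' has a quoted Path $($_.Path); remove the quotes in the WEM Console."
}

# Cause 1: the default rule lets BUILTIN\Administrators (S-1-5-32-544) run
# anything, so a target user who is a local administrator is never restricted.
$adminAllowAll = $rules | Where-Object { $_.Sid -eq 'S-1-5-32-544' -and $_.Action -eq 'Allow' -and $_.Path -eq '*' }
$token        = [Security.Principal.WindowsIdentity]::GetCurrent()
$isLocalAdmin = $token.Groups.Value -contains 'S-1-5-32-544'
if ($adminAllowAll -and $isLocalAdmin) {
    Write-Warning "$($token.Name) is in Administrators and the default Allow-all administrator rule is present; Executable Rules will not restrict this user."
}

# Cause 2 (Overwrite vs Merge) is not visible in the registry as such, but the
# effective policy shows which rule set survived the most recent logon. Ask
# AppLocker directly whether a sample executable is allowed for this user:
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path "$env:SystemRoot\System32\notepad.exe" -User $token.Name
```

Run the script in an elevated PowerShell session on the affected machine. A rule that is present in the WEM Console but absent from the listing has not been delivered; a rule that is present but shows QuotedPath = True is delivered but will never match; and on a multi-session host, a listing that only contains the rules meant for the last user who logged on is the signature of 'Overwrite' having been selected instead of 'Merge'.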

Problem Cause

Misconfiguration