Windows 10 AppLocker AppID issue

Tags: applocker, windows 10

I'm trying to enable AppLocker on Windows 10 Enterprise.

I have AppID and AppIDSVC enabled and set to automatic start, and everything looks good. However, when I start inserting policy rules into AppLocker (specifically, .dll rules), I get the following error in Event Viewer:

AppID policy conversion failed. Status Access is denied

User: SYSTEM

That's basically all the info I get.

Why is it trying to convert the policy? Where is this policy? How do I give the system access?

If I ignore this error (which is not a good idea unless you're working on a clean machine with recent restore points) and I continue to configure AppLocker, it works for that session. When I reboot, after the BIOS loads, the OS does not; I get a grey screen and need to restore.

This is obviously not good, and I have been working around the clock trying to fix it. I have found nothing that helps on the internet thus far, so insight or advice would be greatly appreciated.

Best Answer

The description of this error can be found in Microsoft's TechNet article "Using Event Viewer with AppLocker", and is:

Indicates that the policy was not applied correctly to the computer. The status message is provided for troubleshooting purposes.

The status you're getting is "access denied," which tells you which general direction to look in, as well. Someone else had this issue when LOCAL SERVICE had insufficient rights to modify or delete logs at C:\Windows\System32\config\TxR, so that's the type of permissions issue I'd suspect here as well. (By which I mean, something completely unintuitive and non-obvious.)

To track it down precisely, the best thing I can think of is to open up Process Monitor from the SysInternals Suite just before you start adding your AppLocker rules, and then filter through the output to see which file or folder it is that SYSTEM is trying to access when the error is thrown. Once you know where the access is denied, hopefully it's a simple matter of explicitly giving SYSTEM full control to the location.
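
One way to do the filtering step offline, as an added example that is not part of the original answer: it reads a Process Monitor capture saved as CSV and lists the paths where SYSTEM received ACCESS DENIED, most frequent first. The sample rows and the `C:\Example` paths are constructed, `denied_paths` is a hypothetical helper name, and the `User` column is an assumption (it is only exported if it was enabled in Procmon's column selection).

```python
import csv
import io
from collections import Counter

# Constructed sample shaped like a Process Monitor CSV export.
# Assumption: the "User" column was enabled before the capture was saved.
SAMPLE_EXPORT = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail","User"
"10:41:02.10","svchost.exe","1184","CreateFile","C:\Example\PolicyStore","SUCCESS","Desired Access: Read","NT AUTHORITY\SYSTEM"
"10:41:02.31","svchost.exe","1184","CreateFile","C:\Example\PolicyStore\rules.tmp","ACCESS DENIED","Desired Access: Generic Write","NT AUTHORITY\SYSTEM"
"10:41:02.35","svchost.exe","1184","CreateFile","C:\Example\PolicyStore\rules.tmp","ACCESS DENIED","Desired Access: Generic Write","NT AUTHORITY\SYSTEM"
"10:41:03.02","svchost.exe","2040","SetDispositionInformationFile","C:\Windows\System32\config\TxR","ACCESS DENIED","Delete: True","NT AUTHORITY\LOCAL SERVICE"
"10:41:03.40","explorer.exe","5512","RegOpenKey","HKCU\Software\Example","NAME NOT FOUND","","DESKTOP\alice"
'''


def denied_paths(export_text, user="NT AUTHORITY\\SYSTEM"):
    """Return [(path, process, operation, hits)] for ACCESS DENIED rows.

    Rows are limited to `user` when the export has a User column; pass
    user=None to see denials for every account. Most frequent path first.
    """
    # Exports can start with a UTF-8 byte order mark; drop it so the first
    # header is read as "Time of Day" rather than "\ufeffTime of Day".
    reader = csv.DictReader(io.StringIO(export_text.lstrip("\ufeff")))
    has_user = "User" in (reader.fieldnames or [])
    hits = Counter()
    for row in reader:
        if (row.get("Result") or "").strip().upper() != "ACCESS DENIED":
            continue
        if user and has_user and row["User"].strip().lower() != user.lower():
            continue
        hits[(row["Path"], row["Process Name"], row["Operation"])] += 1
    return [(p, proc, op, n) for (p, proc, op), n in hits.most_common()]


if __name__ == "__main__":
    for path, proc, op, n in denied_paths(SAMPLE_EXPORT):
        print(f"{n:>3}  {proc:<14} {op:<12} {path}")
```

Each path it reports is a candidate location whose ACL should be compared against what SYSTEM needs before any permission is changed.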