Zoho Banner September 2011

Archive for October, 2013

Short answer:  No, AppLocker is not supported on Windows Server 2012 Server Core.

Slightly more long-winded answer:

My Google/Bing mojo failed to find a definitive answer to this question on-line.  In fact, I found two apparently conflicting sources of information.

This was the first one:

Windows PowerShell can used to manage AppLocker on Server Core installations using the AppLocker cmdlets and, if administered within a GPO, the Group Policy cmdlets. For more information, see the AppLocker PowerShell Command Reference.

http://technet.microsoft.com/en-us/library/hh831440.aspx

I tried to test this, but switching from “Server with a GUI” to Server Core removes the Application Identity service, which is required for enforcement of AppLocker rules.   The AppLocker event log is also removed.

This was the second one I found:

In Windows Server 2012 and Windows 8

AppLocker is supported on all Windows beta evaluation versions except the Server Core installation option.

http://technet.microsoft.com/en-us/library/ee619725(v=ws.10).aspx

Mmm, it only mentions the “beta evaluation” version, so a strong hint, but no definitive statement.

In the end I received a response from someone within Micrsoft to a Technet Forum post.  You can read the full thread here:

http://social.technet.microsoft.com/Forums/en-US/4d78ac57-df3d-444f-b6a4-9df892db8df8/applocker-on-server-core?forum=winservercore