Deploying AppLocker initially through ConnectWise RMM
If you'd prefer to do this approach manually, please see -
INFO
This guide is intended for new PCs that have never had AppLocker deployed before. If AppLocker has been previously enabled on the PC, please run the hotfix.
DANGER
DO NOT DO THIS ON A SERVER
These security policies should only be applied to workstations.
1
Head to
2
Select devices you need to deploy to
TIP
If you don't do this, you'll be prompted prior to running the script regardless.
3
In the top-left click Run
3.1
In the Sub-menu navigate to Applocker
4
Click on Applocker Initial
5
Select the Run later option
Input a reasonable time to schedule this script.
WARNING
The script includes a log off step. Avoid running this while someone is working.
6
Click on Run Task
NOTICE ON PATHS
Because software varies from clinic to clinic, it's near impossible to whitelist everything. Please be mindful that some programs that clinics use daily may be accidentally blocked. Head to - to manually add the required paths.
WHAT THE SCRIPT DOES
Open me for the process
Step 1
Confirm itadmin exists
Before continuing, the script looks for an itadmin user account. If the account doesn't exist, it halts and sends an email to helpdesk.
Step 2
Enable AppIDSvc
This is important for AppLocker to function
Step 3
Delete existing GPO folder
Just in case a GPO policy was already in place
Step 4
Removal of AppLocker Policies
Same reason as the previous step: just in case AppLocker policies were already in place
Step 5
Import .XML to system
Add the .xml file to a temporary file path
Step 6
Import .XML to policy
Apply the .xml to the workstation
Step 7
Cleanup .XML file
Deletes the AppLocker .xml file that was temporarily added
Step 8
Remove local administrators
Strips Administrator access from all accounts besides itadmin
Step 9
Sign out
Last step of the deployment. The user is free to log back in immediately
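For reference, the nine steps above could look like this in PowerShell. This is an added sketch, not the script that ConnectWise RMM actually runs. The policy source path, SMTP server, helpdesk address and the GPO folder location are assumptions or placeholders, and the workstation check is added here to enforce the DANGER note.

```powershell
#Requires -RunAsAdministrator
# Added sketch of the nine steps above; not the script ConnectWise RMM runs.
param(
    [string]$PolicySource = '\\fileserver\share\applocker.xml',  # placeholder path
    [string]$SmtpServer   = 'smtp.example.invalid',              # placeholder
    [string]$Helpdesk     = 'helpdesk@example.invalid'           # placeholder
)
$ErrorActionPreference = 'Stop'

# Guard for the DANGER note: ProductType 1 = workstation, 2/3 = DC/server.
if ((Get-CimInstance Win32_OperatingSystem).ProductType -ne 1) { throw 'Not a workstation; aborting.' }

# Step 1: halt and notify helpdesk when itadmin is missing.
if (-not (Get-LocalUser -Name 'itadmin' -ErrorAction SilentlyContinue)) {
    Send-MailMessage -SmtpServer $SmtpServer -From $Helpdesk -To $Helpdesk `
        -Subject "AppLocker deploy halted on $env:COMPUTERNAME" -Body 'itadmin account not found.'
    exit 1
}

# Step 2: AppIDSvc is a protected service on Windows 10 and later; sc.exe sets its start type.
sc.exe config AppIDSvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Step 3: assumed to be the local Group Policy store; the page does not name the folder.
Remove-Item "$env:SystemRoot\System32\GroupPolicy" -Recurse -Force -ErrorAction SilentlyContinue

# Step 4: clear existing AppLocker rules by applying an empty policy.
$empty = Join-Path $env:TEMP 'applocker-clear.xml'
'<AppLockerPolicy Version="1" />' | Set-Content -Path $empty
Set-AppLockerPolicy -XmlPolicy $empty
Remove-Item $empty

# Steps 5-7: stage the policy in a temp path, apply it (replaces, no -Merge), clean up.
$staged = Join-Path $env:TEMP 'applocker.xml'
Copy-Item -Path $PolicySource -Destination $staged
Set-AppLockerPolicy -XmlPolicy $staged
Remove-Item $staged

# Step 8: remove members of BUILTIN\Administrators (SID S-1-5-32-544) except itadmin.
# The built-in Administrator (RID 500) cannot be removed from this group, so it is skipped.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.Name -notmatch '\\itadmin$' -and $_.SID.Value -notmatch '-500$' } |
    ForEach-Object { Remove-LocalGroupMember -SID 'S-1-5-32-544' -Member $_ }

# Step 9: sign the user out (assumes the user is on the physical console session).
logoff.exe console
```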