.NET 4.7 and AppLocker
Posted: Thu Sep 14, 2017 4:08 pm
I've spent a fair amount of time tracing this issue over the last few days. I first noticed it (in a VM) well over a month ago but I hadn't buckled down to actually solve it until recently. My initial assumptions were that it was related to some recent changes in NTLite and so i spent some time bugging Nuhi about it (a lot) but as it turns out it wasn't related to changes on his end at all! Sorry, sir.
There's now a report opened about it so we'll see (if) how long it takes MS to correct but as it's been reported elsewhere without (so far as I know) the cause being isolated (or a workaround being posted) I felt like sharing some place.
Similar threads:
https://www.tenforums.com/general-suppo ... -user.html
Steps to reproduce:
Tested on Windows 7 x64 Ultimate
1A) Install .NET Framework 4.7 or 1B) Set OnlyUseLatestCLR to 1
2) Use Windows Update and install the latest .NET roll-up available
3) Run gpedit.msc and navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker > Executable Rules
4) Right Click and 'Create New Rule' then on the Permissions page for User or group: choose 'Select...'
Expected Result:
An interface for selecting a different user should open
Actual Result:
SrpUxSnapIn.dll MMC error FX:{8A1A4AD2-7F9F-492C-9E1D-F725E3CBF2F0}
Workaround:
Set OnlyUseLatestCLR to 0 and/or Uninstall .NET 4.7 and re-install 4.6.2 followed by updating it online.
There's now a report opened about it so we'll see (if) how long it takes MS to correct but as it's been reported elsewhere without (so far as I know) the cause being isolated (or a workaround being posted) I felt like sharing some place.
Similar threads:
https://www.tenforums.com/general-suppo ... -user.html
Steps to reproduce:
Tested on Windows 7 x64 Ultimate
1A) Install .NET Framework 4.7 or 1B) Set OnlyUseLatestCLR to 1
2) Use Windows Update and install the latest .NET roll-up available
3) Run gpedit.msc and navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker > Executable Rules
4) Right Click and 'Create New Rule' then on the Permissions page for User or group: choose 'Select...'
Expected Result:
An interface for selecting a different user should open
Actual Result:
SrpUxSnapIn.dll MMC error FX:{8A1A4AD2-7F9F-492C-9E1D-F725E3CBF2F0}
Workaround:
Set OnlyUseLatestCLR to 0 and/or Uninstall .NET 4.7 and re-install 4.6.2 followed by updating it online.