How to know which files to specify exclusions for the installers of whitelisted apps using hashes with a Windows GPO?

Question

To specify in the software restriction GPO, the hashes of executable/script files that are allowed to execute during the installation of a program run from, for example %LOCALAPPDATA%\Temp, during installation; how does one figure out what programs will execute for a given installer, and what their hashes are?

Note that it has also been suggested that this can be done by first moving the computer to an OU that does not have the software restriction applied, and then running the installer from there first; but it seems to me that if a user needed to reinstall the product, or repair it; they would be unable to do so without the hash method, and so the hash method seems to be the way to go.

P.S. When the execution of a program is blocked, it causes an Event ID 866 from the source `SoftwareRestrictionPolicies` in the Application log. — leeand00, May 20 '16 at 12:50

score 2 · Accepted Answer · answered May 20 '16 at 12:44

2

Set applocker in audit mode, run the install and the eventlog will show you what would have been blocked.

answered May 20 '16 at 12:44

Jim B

24,081
4
36
60

How to know which files to specify exclusions for the installers of whitelisted apps using hashes with a Windows GPO?

1 Answers1