Deny Policy for Users only #1061

krunph · 2026-02-24T10:45:15Z

krunph
Feb 24, 2026

Hope everything is well.

First of all, I’ve been using AppControl for almost a year now and it’s working perfectly — thanks for your great work!
I would like to create a deny policy for cmd.exe and powershell.exe that applies only to standard (non-admin) users.
Is there a way to target only these users and exclude administrators?
Thank you!

Harvester57 · 2026-02-24T12:50:47Z

Harvester57
Feb 24, 2026

Hi @krunph,

Not with WDAC unfortunately, you'll have to deploy an AppLocker policy if you want per-user or per-group rules, as stated in the Microsoft documentation: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/appcontrol-and-applocker-overview#choose-when-to-use-app-control-or-applocker

1 reply

krunph Feb 24, 2026
Author

Thanks @Harvester57 !

HotCakeX · 2026-02-26T17:38:22Z

HotCakeX
Feb 26, 2026
Maintainer

Thank you, i'm glad it's working well for you :)
As mentioned by @Harvester57, App Control is system-wide. Even though AppLocker does support user-based restrictions, there are many ways to bypass it, that's why App Control which is AppLocker's successor, doesn't have that vulnerability.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Deny Policy for Users only #1061

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Deny Policy for Users only #1061

Uh oh!

krunph Feb 24, 2026

Replies: 2 comments · 1 reply

Uh oh!

Harvester57 Feb 24, 2026

Uh oh!

krunph Feb 24, 2026 Author

Uh oh!

HotCakeX Feb 26, 2026 Maintainer

krunph
Feb 24, 2026

Replies: 2 comments 1 reply

Harvester57
Feb 24, 2026

krunph Feb 24, 2026
Author

HotCakeX
Feb 26, 2026
Maintainer