Q. I'm using Microsoft Application Virtualization (App-V) with AppLocker and none of my virtualized applications will launch. Why not?

A. With virtualized applications, the actual program runs from the Q: drive by default and not the normal location of C:\Program Files. The default AppLocker exception allows execution of any program under %PROGRAMFILES%, so this won't not apply to Q:. You therefore need to add a new rule to allow execution from the Q: drive.

  1. Start the Group Policy Management Editor and edit a group policy object that will host the AppLocker new exception.
  2. Navigate to Computer Configuration, Policies, Windows Settings, Security Settings, Application Control Policies, AppLocker, Executable Rules.
  3. Run the Create New Rule action and click Next.
  4. Specify the users to whom the rule will apply. By default, this is Everyone.
  5. For Conditions, select Path and click Next.
  6. For the Path, select q:\* and click Next.
  7. Leave the Exceptions page blank and click Next.
  8. Give the rule a name, such as App-V Applications (q:\*), and click Create.
  9. Make sure the group policy object is linked to the computers that run the App-V applications.
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.