How to recognise when the P11D Organiser software has been blocked via AppLocker


There may be circumstances where the P11D Organiser is being blocked via AppLocker, this will generally be intentional and expected via your IT department. If this is being blocked, you will get an error similar to the one shown below:



AppLocker will be present on either the supported operating system, or on the server (for reference, see list of requirements here) but again, your IT team should already know this information).



For more clarity, an event should be triggered and logged, you can check this in:

Event Viewer > Applications and Services Logs > Microsoft > Windows > Applocker [EXE and DLL]



See below example:


How to white-list the P11D Organiser


Whilst simply allowing the p11d.exe and workstation.exe may be sufficient, however, this could still cause issues due to various dependencies the P11D Organiser requires. Based on how the AppLocker configuration has been set (such as blocking directories, DLL's, publishers etc.) will dictate respectively whether our software runs as expected. With that said, the way to definitively ensure you've white-listed the required components we highly recommend white-listing the root directory and thus preventing further issues, to do this follow the below steps:

Right click the Windows button > Run > secpol.msc 

This will bring you to the Local Security policy, in the left hand pane navigate to:

Application Control Policies > Applocker > Executable Rules


As seen in the below screenshot, then simply right click Executable Rules and click Create New Rule:


Click Next on the Before You Begin section, and follow the below screens: 


Of course, change to the respective User(s) as required:


Select Path and click Next. On the screen shown below, ensure you choose "Browse Folders..." and select the root directory of the P11D Organiser. 

NOTE: that the location of the P11D Organiser will typiccally differ to what is shown here in your own environment:


As wild-carding (using the * symbol) is supported, this will white-list the root and sub-directories/files, at this point, unless you want to create any exceptions and add descriptions, you can click Create now, and you new rule will be added and the software white-listed in it's entirety by directory recursively.


And that's it, you're all done, if you're having further issues please contact our support team.