Leaderboard

abberration, As the second colour (which works) is palindromic I would suggest that the function requires colours in BGR and not RGB format. So try with 0x000080 and see if that works. M23 Edit: 13k! Unlucky for some perhaps. ;D

May i add that all changes you have done in applocker will be saved under the registry key: HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionGroup Policy Objects{009EA05A-7976-4BCE-B4ED-1CF105DB5402}MachineSoftwarePoliciesMicrosoftWindowsSrpV2 There are 3 more keys under this, they correspond to the exe, msi and script rules. EDIT: fyi found this with the nice tool, RegFromApp, traces the changes made by a specific process. When this doesn't work by some reason i use ProcessMonitor AKA ProcMon

What I would do is get a test system together, using a VM or whatever you want. Install 7 Enterprise. Create an AppLocker rule for something like calc.exe, run ProcMon and enable the Enforce Rules mode. Stop ProcMon and look for any registry entries it may have set for it. Otherwise, you can dig around in WMI to see if the setting is recorded there.