Windows 7 Services Information - Application Identity

Application Identity

Default Description:

Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.

Additional Information:

None at this time

Additional Reading:

None at this time

Discussion Topic Link:

Windows 7 Services Forum

Defaults Startup Type:

Windows 7 Starter: Manual
Windows 7 Home Basic: Manual
Windows 7 Home Premium: Manual
Windows 7 Professional: Manual
Windows 7 Ultimate: Manual
Windows 7 Enterprise: Manual

Other Settings:

Safe Setting: Manual

Service Names:

Service Name (registry): AppIDSvc

Display Name: Application Identity

Default Path and Command Line Options:

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

Log On As:

Account: Local Service

Dependencies:

What service Application Identity needs to function properly:

AppID Driver (S, HB, HP, P, U, E)
- Flt Mgr (S, HB, HP, P, U, E)
- System Attribute Cache (S, HB, HP, P, U, E)
Cryptographic Services(S, HB, HP, P, U, E)
- Remote Procedure Call (RPC)(S, HB, HP, P, U, E)
  - DCOM Server Process Launcher(S, HB, HP, P, U, E)
  - RPC Endpoint mapper(S, HB, HP, P, U, E)
Remote Procedure Call (RPC)(S, HB, HP, P, U, E)
- DCOM Server Process Launcher(S, HB, HP, P, U, E)
- RPC Endpoint mapper(S, HB, HP, P, U, E)

What other service require Application Identity to function properly:

None (S, HB, HP, P, U, E)

Registry Settings (.reg):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc]
"DisplayName"="@%systemroot%\\system32\\appidsvc.dll,-100"
"Group"="ProfSvc_Group"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,41,00,6e,00,64,00,4e,00,6f,00,49,00,6d,00,70,00,65,00,72,00,73,00,\
6f,00,6e,00,61,00,74,00,69,00,6f,00,6e,00,00,00
"Description"="@%systemroot%\\system32\\appidsvc.dll,-101"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000003
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,41,00,70,00,70,00,\
49,00,44,00,00,00,43,00,72,00,79,00,70,00,74,00,53,00,76,00,63,00,00,00,00,\
00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
61,00,70,00,70,00,69,00,64,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc\TriggerInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc\TriggerInfo\0]
"Type"=dword:00000014
"Action"=dword:00000001
"GUID"=hex:27,9c,2a,d0,b8,79,d6,40,9b,97,cf,3f,8b,7b,5d,60

www.BlackViper.com: Windows 7 Services 411 - Application Identity