Fix unable to start the Application Identity Service

Posted on Christian By Christian No Comments on Fix unable to start the Application Identity Service
AppLocker

In this article, you will learn how to “fix unable to start the Application Identity Service”. The Application Identity service (AppIDSvc) is a Windows service that determines and verifies the identity of an application. This service is crucial for enforcing AppLocker policies, which help control which applications and files users can run on a system. Please see How to enable or disable User Account Control, ow to Check if Windows Updates were installed, and how to “Prevent Local Administrators from managing BitLocker with the manage-bde command‘.

Note: According to Microsoft, AppLocker is a defense-in-depth security feature and not considered a defensible Windows security feature. Since the rise of Ransomware and high profile attacks, AppLocker can help in the prevention of malware infection. To help protect against these risks, the Defense in Depth approach must be employed.

Please see “how to Disable UAC with Group Policy and enable PIN in Windows Hello, how to fix “Application pool has been disabled or Changing identity user for IIS Application Pool (Event ID 5059)“, and how to WinPE USB Drive: Fixing System Boot Issues.

Reason for “Application Identity Service Access Denied

The Application Identity Service could not start via the Services Manager due to the error message prompted as shown below is related to system configuration issues.

Starting with Windows 10, the Application Identity service is now a protected process. As a result, you can no longer manually set the service Startup type to Automatic by using the Services snap-in

Error 5 Access denied
Access denied

Note: The Application Identity service determines and verifies the identity of an app. When this service is not running, AppLocker policies from being enforced.

Configure Application identity Services to Start

Starting a service through the Services Manager might not always prompt for elevation or the correct administrative rights. Group Policies and Registry modifications often ensure that the necessary permissions are applied.

Note: The Application Identity Service might require elevated permissions that are not granted when starting it manually through the Services Manager.

To fix this issue, open the Registry Editor by pressing Win + R, type regedit, and press Enter to open the Registry Editor.

Note: If prompted by User Account Control (UAC), click Yes.

Launch registry

Navigate to the Application Identity Service Key via the Registry Editor

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppIDSvc
AppIDSVC-Start

This registry key contains the configuration settings for the Application Identity service.

Check and Modify the Registry Values. In the AppIDSvc key, locate the Start value in the right pane. The Start value determines the startup type of the service.

Change from 3 to 2

Set the Start value to 2 to configure the service to start automatically:

  • Value: 2 (Automatic)
  • Value: 3 (Manual)
  • Value: 4 (Disabled)

To change the value, double-click on Start and enter 2 in the Value data field and click OK

Changed to 2

After making these changes, close the Registry Editor. Restart your computer to apply the changes.

restart PC

Upon device restart, you should be able to set the Application identity Services to Automatic.

Application identity properties

The Application identity service is running as shown below.

Application Identity set to automatic

Please see Microsoft Account Password Reset via Web and Windows, and ‘MFA on Root Account: Create a User on AWS and Register MFA“.

Note: To disable this service in the future, you also have to use the GPO or Windows Registry Editor. Else, you will be prompted with the Access Denied wizard.

Set AppIDSvc via command prompt or PowerShell

Open an elevated command prompt or PowerShell and enter the command below and press Enter. 

sc.exe config appidsvc start=auto

I prefer to use this command below since I also want to have the services started.

sc config "AppIDSvc" start=auto & net start "AppIDSvc"
Enable Application Identity Service

Note: The Startup type of the AppIDSvc cannot be set to Manual using sc.exe. Therefore, it is recommend to perform a system backup before changing it.

Start the Application Identity service automatically using GPO

Please launch the Group Policy Management Console (gpmc.msc) ad navigate to the console tree

Computer Configuration\Windows Settings\Security Settings, select System Services

In the details pane, double-click Application Identity. In Application Identity Properties, configure the service to start automatically.

I hope you found this guide very useful on how to Fix unable to start the Application Identity Service. Please feel free to leave a comment below.

5/5 - (1 vote)
Windows Tags:, ,

Related Posts

More Related Articles

image 3 How to Migrate Your WordPress Site with WordPress Duplicator Network | Monitoring
SSH Keys Generation How to Generate SSH keys in Windows 11 Windows
LAPS PAssword Not Showing Up LAPS password not showing up in GUI Windows
rdp error The connection was denied because the user account is not authorized for remote login: How to add and remove Remote Desktop Users Windows
Interactive logon Message for Users Display interactive logon messages for Windows PCs via GPO Windows
lang2 How to add languages to your Windows PC Windows

Leave a Reply