Fix unable to start the Application Identity Service

Posted on Christian By Christian No Comments on Fix unable to start the Application Identity Service
AppLocker

In this article, you will learn how to “fix unable to start the Application Identity Service”. The Application Identity service (AppIDSvc) is a Windows service that determines and verifies the identity of an application. This service is crucial for enforcing AppLocker policies, which help control which applications and files users can run on a system. Please see How to enable or disable User Account Control, ow to Check if Windows Updates were installed, and how to “Prevent Local Administrators from managing BitLocker with the manage-bde command‘.

Note: According to Microsoft, AppLocker is a defense-in-depth security feature and not considered a defensible Windows security feature. Since the rise of Ransomware and high profile attacks, AppLocker can help in the prevention of malware infection. To help protect against these risks, the Defense in Depth approach must be employed.

Please see “how to Disable UAC with Group Policy and enable PIN in Windows Hello, how to fix “Application pool has been disabled or Changing identity user for IIS Application Pool (Event ID 5059)“, and how to WinPE USB Drive: Fixing System Boot Issues.

Reason for “Application Identity Service Access Denied

The Application Identity Service could not start via the Services Manager due to the error message prompted as shown below is related to system configuration issues.

Starting with Windows 10, the Application Identity service is now a protected process. As a result, you can no longer manually set the service Startup type to Automatic by using the Services snap-in

Error 5 Access denied
Access denied

Note: The Application Identity service determines and verifies the identity of an app. When this service is not running, AppLocker policies from being enforced.

Configure Application identity Services to Start

Starting a service through the Services Manager might not always prompt for elevation or the correct administrative rights. Group Policies and Registry modifications often ensure that the necessary permissions are applied.

Note: The Application Identity Service might require elevated permissions that are not granted when starting it manually through the Services Manager.

To fix this issue, open the Registry Editor by pressing Win + R, type regedit, and press Enter to open the Registry Editor.

Note: If prompted by User Account Control (UAC), click Yes.

Launch registry

Navigate to the Application Identity Service Key via the Registry Editor

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppIDSvc
AppIDSVC-Start

This registry key contains the configuration settings for the Application Identity service.

Check and Modify the Registry Values. In the AppIDSvc key, locate the Start value in the right pane. The Start value determines the startup type of the service.

Change from 3 to 2

Set the Start value to 2 to configure the service to start automatically:

  • Value: 2 (Automatic)
  • Value: 3 (Manual)
  • Value: 4 (Disabled)

To change the value, double-click on Start and enter 2 in the Value data field and click OK

Changed to 2

After making these changes, close the Registry Editor. Restart your computer to apply the changes.

restart PC

Upon device restart, you should be able to set the Application identity Services to Automatic.

Application identity properties

The Application identity service is running as shown below.

Application Identity set to automatic

Please see Microsoft Account Password Reset via Web and Windows, and ‘MFA on Root Account: Create a User on AWS and Register MFA“.

Note: To disable this service in the future, you also have to use the GPO or Windows Registry Editor. Else, you will be prompted with the Access Denied wizard.

Set AppIDSvc via command prompt or PowerShell

Open an elevated command prompt or PowerShell and enter the command below and press Enter. 

sc.exe config appidsvc start=auto

I prefer to use this command below since I also want to have the services started.

sc config "AppIDSvc" start=auto & net start "AppIDSvc"
Enable Application Identity Service

Note: The Startup type of the AppIDSvc cannot be set to Manual using sc.exe. Therefore, it is recommend to perform a system backup before changing it.

Start the Application Identity service automatically using GPO

Please launch the Group Policy Management Console (gpmc.msc) ad navigate to the console tree

Computer Configuration\Windows Settings\Security Settings, select System Services

In the details pane, double-click Application Identity. In Application Identity Properties, configure the service to start automatically.

I hope you found this guide very useful on how to Fix unable to start the Application Identity Service. Please feel free to leave a comment below.

5/5 - (1 vote)
Windows Tags:, ,

Related Posts

More Related Articles

Show or Hide File Extensions How to Show or Hide File Extensions on Windows 11 Windows
Slide1 1 How to manage Microsoft Defender Antivirus using Group Policy and Command Line Utility Anti-Virus Solution
remote desktop connection 5 1280x720 1 How to view and remove Remote Desktop connection history Windows
Disable Hardware Acceleration in Browsers and Windows How to Disable Hardware Acceleration in Browsers and Windows Windows
sandbox How to Configure Windows Sandbox Virtualization
Featured image BSOD How to troubleshoot and fix Windows 11 blue screen Windows

Leave a Reply