Hello,
I have a Group Policy object configured to only allow certain apps from the Windows store. But, I have just discovered today that users are able to install any app on their workstations.
I have run Get-AppLocker Policy -Effective - XML on my machine and have pasted the result below. It appears to me that the policy is "Enforced" and it is my understanding that if you put a single Allow policy in place that anything that is not 'allowed' should be blocked. I also created a default Deny rule as a test measure today but all apps are still able to install and run.
Any assistance in figuring out how to block Apps will be greatly appreciated,
<AppLockerPolicy Version="1"><RuleCollection Type="Appx" EnforcementMode="Enabled"><FilePublisherRule Id="19b8c144-462c-418a-9855-95310e1ec45d" Name="All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Deny"><Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="1489bc3c-7d6a-4009-803a-c7774cb97c10" Name="The New York Times App" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=2F92D1C2-F1CF-4B70-B356-ED490ADEC791" ProductName="TheNewYorkTimes.TheNewYorkTimes" BinaryName="*"><BinaryVersionRange LowSection="*" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="151b732a-0f73-4d31-b1e5-250d28748f8e" Name="Microsoft ZuneVideo signed by Microsoft Corporation" Description="Microsoft ZuneVideo signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneVideo" BinaryName="*"><BinaryVersionRange LowSection="2.2.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="37c046b4-afa9-4bd9-aa24-959583c57576" Name="Microsoft SkypeApp signed by Skype" Description="Microsoft SkypeApp signed by Skype" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Skype Software Sarl, O=Microsoft Corporation, L=Luxembourg, S=Luxembourg, C=LU" ProductName="Microsoft.SkypeApp" BinaryName="*"><BinaryVersionRange LowSection="2.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="3f1e6a80-0e7f-443f-bbe7-6fcee9288e7c" Name="Microsoft MoCamera signed by Microsoft Corporation" Description="Microsoft MoCamera signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MoCamera" BinaryName="*"><BinaryVersionRange LowSection="6.3.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="446042cd-64c5-4bbd-ad50-c0d69880e1d5" Name="TD Ameritrade" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=71B8AF03-F191-474C-817D-F57BF8D52E5D" ProductName="TDAmeritradeMobileLLC.TDAmeritrade" BinaryName="*"><BinaryVersionRange LowSection="1.1.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="584defc8-4071-46bd-bc47-0d3ee29e2375" Name="The Economist" Description="TheEconomistNewspaper.TheEconomistonWindows, from The Economist Newspaper" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=6F36EE64-F85C-4AFB-8ABB-A3EA7D54FDBC" ProductName="TheEconomistNewspaper.TheEconomistonWindows" BinaryName="*"><BinaryVersionRange LowSection="*" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="5b42e54e-bb5b-44bc-aead-bc8bf5ecf732" Name="Microsoft Winstore signed by Microsoft Corporation" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="winstore" BinaryName="*"><BinaryVersionRange LowSection="1.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="7963bb10-70ec-46d4-92b7-3478463c7237" Name="Citrix GoToMeeting signed by Citrix" Description="" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=AA827FA5-A4F1-46AD-BB20-8A79D9C08518" ProductName="D50536CD.GoToMeeting" BinaryName="*"><BinaryVersionRange LowSection="1.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="84d1fa6b-f45c-46c9-9a49-ce9f22ce5a53" Name="Evernote" Description="Packaged app: Evernote.Evernote signed by Evernote" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=DCD4AC3C-C7E0-46FF-8387-51FDC8CBC467" ProductName="Evernote.Evernote" BinaryName="*"><BinaryVersionRange LowSection="2.1.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="8b836e78-c7e7-423e-a779-23537689a960" Name="Microsoft HelpAndTips signed by Microsoft Corporation" Description="Microsoft.HelpAndTips signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.HelpAndTips" BinaryName="*"><BinaryVersionRange LowSection="6.3.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="a02a399a-c4eb-4f23-a6fe-581c5335a08c" Name="Financial Times" Description="FinancialTimes.FinancialTimes, from Financial Times" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=369E114A-516A-4C8F-A9BB-34AB93BF9A6C" ProductName="FinancialTimes.FinancialTimes" BinaryName="*"><BinaryVersionRange LowSection="*" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="a4604690-70a0-4fd9-ab63-d356815c0690" Name="Microsoft ZuneMusic signed by Microsoft Corporation" Description="Microsoft ZuneMusic signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneMusic" BinaryName="*"><BinaryVersionRange LowSection="2.2.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="b6d42f3c-5e41-49ce-bb0a-3b10cd97f266" Name="Wall Street Journal" Description="DBA50444.53881C1868EDA, version 2.1.0.0 and above, from Dow Jones & Company, Inc." UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=6827DD24-1114-4F7D-8EF4-DB7F587FD8E4" ProductName="DBA50444.53881C1868EDA" BinaryName="*"><BinaryVersionRange LowSection="2.1.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="b87497c5-0212-4ce9-b516-e7f30f15d041" Name="Microsoft Bing Weather" Description="Microsoft.BingWeather signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingWeather" BinaryName="*"><BinaryVersionRange LowSection="3.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="ba8198f5-b3e1-4a2b-a0da-338421e3c3de" Name="Microsoft Windows SoundRecorder signed by Microsoft Corporation" Description="Microsoft WindowsSoundRecorder signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsSoundRecorder" BinaryName="*"><BinaryVersionRange LowSection="6.3.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="bbad875a-41c9-451c-bf59-42e43db5ecb6" Name="Microsoft Windows immersivecontrolpanel signed by Microsoft Corporation" Description="Microsoft windows.immersivecontrolpanel signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="windows.immersivecontrolpanel" BinaryName="*"><BinaryVersionRange LowSection="6.2.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="cad22c08-788c-43c2-915b-0a18a88626a3" Name="Microsoft Windows Alarms signed by Microsoft Corporation" Description="Microsoft WindowsAlarms signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsAlarms" BinaryName="*"><BinaryVersionRange LowSection="6.3.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="ccf05b01-2c83-414d-b002-f9b08dedad86" Name="Microsoft Windows ReadingList signed by Microsoft Corporation" Description="Microsoft WindowsReadingList signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsReadingList" BinaryName="*"><BinaryVersionRange LowSection="6.3.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="d43e619a-5b1a-418a-983a-8c81bb3e9dd0" Name="Microsoft Windows Calculator signed by Microsoft Corporation" Description="Microsoft WindowsCalculator signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCalculator" BinaryName="*"><BinaryVersionRange LowSection="6.3.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="e27bc9a4-3503-42df-8468-8acf590f7133" Name="Aljazeera" Description="65224AljazeeraMediaNetwor.AlJazeera, version 1.0.0.0 and above, from Aljazeera Media Network" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=FFE13013-57F2-495F-AA95-33EC1F5CA210" ProductName="65224AljazeeraMediaNetwor.AlJazeera" BinaryName="*"><BinaryVersionRange LowSection="1.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="e2a158c0-344a-465b-b790-07eda53b10fa" Name="Microsoft Bing Finance" Description="Microsoft.BingFinance signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingFinance" BinaryName="*"><BinaryVersionRange LowSection="3.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="ed42e8c9-dfc1-4c6c-8501-87d6a8ae2a9f" Name="Microsoft Reader signed by Microsoft Corporation" Description="Microsoft.Reader signed by Microsoft Corporation" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Reader" BinaryName="*"><BinaryVersionRange LowSection="6.3.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="f1702d41-6c0d-495f-a965-0e9c9333d60f" Name="Amazon Kindle" Description="AMZNMobileLLC.KindleforWindows8 signed by AMZN Mobile LLC" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=2C9A58C0-E6B3-4889-8D46-5C3C1A2D0836" ProductName="AMZNMobileLLC.KindleforWindows8" BinaryName="*"><BinaryVersionRange LowSection="2.1.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule><FilePublisherRule Id="f1b8aa67-1b82-486a-8f9c-3b4d446487f0" Name="Flipboard" Description="Flipboard.Flipboard, version 2.0.0.0 and above, from Flipboard" UserOrGroupSid="S-1-1-0" Action="Allow"><Conditions><FilePublisherCondition PublisherName="CN=E7268B71-AD1D-4F1F-BD8B-1F3D76F6C653" ProductName="Flipboard.Flipboard" BinaryName="*"><BinaryVersionRange LowSection="2.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions></FilePublisherRule></RuleCollection><RuleCollection Type="Dll" EnforcementMode="NotConfigured" /><RuleCollection Type="Exe" EnforcementMode="NotConfigured" /><RuleCollection Type="Msi" EnforcementMode="NotConfigured" /><RuleCollection Type="Script" EnforcementMode="NotConfigured" /></AppLockerPolicy>