Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Saturday, March 16, 2019 10:13 PM
Hi. On Windows 10 Pro, I'm using group policy for non-admins to allow only specified programs ("Run only specified Windows applications"). But how to get a list of programs that got blocked by the group policy? I tried to see that in Event Viewer, Process Explorer and Process Monitor (from SysInternals), but they don't seem to help, or I don't know what to look for. Please help, thanks a lot.
All replies (4)
Monday, March 18, 2019 7:44 AM
Event log should record something you need…
Look at this similar case
https://serverfault.com/questions/320204/how-to-know-when-group-policy-blocked-an-application
To my knowledge, if you are using AppLocker to prevent user from running app, event id 8004 record which app has been blocked.
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, March 18, 2019 8:53 AM
Hi,
If we want to check the blocked apps by group policy, we could use command gpresult /h report.html to check group policy result report.
The policy [software restriction policies] is under the path: computer configuration \ policies \ windows settings \ security settings \ software restriction policies.
We could check if there is any policies under the path in the report.
Like the following screenshot.
Thanks for your support and understanding.
Best Regards,
Kallen
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, March 18, 2019 1:42 PM
Hi. Thanks for your answer, but I've seen that already and none of that helped. I can't see any event with ID 865 nor 8004. I'm not using AppLocker (this is 10 Pro, not Enterprise) but the GP. CodeIdentifier log didn't work in my case. But thanks anyway.
Monday, March 18, 2019 1:50 PM
Hi. Thanks for your answer, but that only gives a list of policies in effect, not the log of their results... I need to find out which apps got blocked, not which ones are allowed. Best regards.