Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, April 5, 2017 10:09 AM
I have enabled an AppLocker policy for a Windows 10 Enterprise PC.
Following this the Start Menu fails to work under any profile, even a profile will a Path Rule allowing access to all files (*), which makes no sense.
I have tried to create a rule which allows access to C:\Users\\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost* however this does not seem to work.
Can anyone help? I need to use AppLocker on Windows 10 but my users need their Start Menu's.
My Domain is at the Windows Server 2008 R2 functional level and my domain controllers are Windows Server 2008 R2.
There are no other Policies being applied to these Windows 10 PCs.
All replies (6)
Thursday, April 6, 2017 6:17 AM | 2 votes
Hi ,
I searched online and found a article that might be helpful for you. Please check it.
Windows 10 Start Menu Does Not Work with AppLocker.
""Thank you!!!! Another way to do this without turning off AppLocker entirely is to go into policy:
COMPUTER > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker > Packaged app Rules
Right-click and choose Create Default Rules.
That allows Everyone to run All signed packaged apps.
You can then fine-tune to allow just Microsoft apps, and still keep your existing investment in terms or Executable Rules and Windows Installer Rules.
https://systemcenternoise.wordpress.com/2015/11/04/windows-10-start-menu-does-not-work-with-applocker/
NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
Best regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, April 6, 2017 8:29 AM
Yeah, I've googled also, unfortunately I have already done that, and it doesn't fit my requirements.
It seems to be to be a fundamental issue with Windows 10 and AppLocker.
Friday, April 7, 2017 9:53 AM
Hi ,
Maybe there is a possibility that registry or file system permissions may have been changed from their defaults by the domain GPO. I found a reference article about this scenario.
If this is your case, to fix this issue, we need to change the registry or file system permissions to the default. I suggest you refer to the following link to have a try.
https://blogs.technet.microsoft.com/ouc1too/2014/07/22/windows-8-1-store-apps-wont-open-or-close-immediately-when-logged-on-as-a-domain-user-make-it-stop/ (applied to windows 10)
In addition, we could also re-register all apps with the following command in the PowerShell with Administrator. Hope it helps.
"Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}"
Best regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, April 10, 2017 2:58 PM
I have verified that there are no permissions issues.
If I attempt to re-register the Apps the action failed as it is blocked by AppLocker.
Fundamentally this comes down to AppLocker preventing the Windows 10 apps from running.
Also, it does not seem to be possible to create a Packaged App Rule on Server 2008 R2 GPO, which seems to be the solution if I were running 2012 >.
Is there a documented solution?
Tuesday, April 11, 2017 2:36 PM
This seems to be relevant to my issue:
I will try this and let you know how it goes.
Thursday, April 20, 2017 9:22 AM
We haven’t heard from you in a couple of days, have you solved the problem? We are looking forward to your good news.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].