Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
KE-PO-WIN-C-Enterprise Windows Applocker Control
Data collected on: 2-9-2025 10:38:55
General
Details
Domainemea.tpg.ads
OwnerEMEA\tentolouris.5-adm
Created9-8-2022 10:48:00
Modified9-2-2023 15:40:58
User Revisions1 (AD), 1 (SYSVOL)
Computer Revisions120 (AD), 120 (SYSVOL)
Unique ID{e5da6ea4-da4d-4187-9440-4a037bc32190}
GPO StatusUser settings disabled
Links
LocationEnforcedLink StatusPath
ClientsYesEnabledemea.tpg.ads/KE/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
EMEA\KE-L-SEC-Clients Windows Enterprise Settings
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\Domain AdminsEdit settings, delete, modify securityNo
EMEA\Domain ComputersReadNo
EMEA\KE-G-ORG-OU AdminsEdit settings, delete, modify securityNo
EMEA\KE-L-SEC-Clients Windows Enterprise SettingsRead (from Security Filtering)No
EMEA\tentolouris.5-admEdit settings, delete, modify securityNo
NT AUTHORITY\Authenticated UsersReadNo
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERSReadNo
NT AUTHORITY\SYSTEMEdit settings, delete, modify securityNo
ROOT\Enterprise AdminsEdit settings, delete, modify securityNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
System Services
Application Identity (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
File System
%ProgramFiles%\WindowsApps
Configure this file or folder then: Propagate inheritable permissions to all subfolders and files
Owner
Permissions
TypeNamePermissionApply To
AllowBUILTIN\AdministratorsFull ControlThis folder, subfolders and files
AllowCREATOR OWNERFull ControlSubfolders and files only
AllowNT AUTHORITY\SYSTEMFull ControlThis folder, subfolders and files
AllowBUILTIN\UsersRead and ExecuteThis folder, subfolders and files
AllowAPPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGESRead and ExecuteThis folder, subfolders and files
Allow inheritable permissions from the parent to propagate to this object and all child objectsDisabled
Auditing
No auditing specified
Application Control Policies
Appx Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEMEA\KE-L-SEC-Apps Cortana AllowedMicrosoft.Windows.Cortana, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps MicrosoftSwayMicrosoft.Office.Sway, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps ScreenRecorderProWin10 Allowed57506winuwp.ScreenRecorderProForWin10, from winuwpPublisherNo
AllowEveryoneMicrosoft.Windows.PeopleExperienceHost, from Microsoft CorporationPublisherNo
AllowBUILTIN\AdministratorsSigned by *PublisherNo
AllowEMEA\KE-L-SEC-Apps MicrosoftToDo AllowedMicrosoft.Todos, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps MSAccountsControl AllowedMicrosoft.Windows.CloudExperienceHost, from Email, phone, or SkypePublisherNo
AllowEveryoneMicrosoft.Windows.StartMenuExperienceHost, from ms-resource:StartMenuExperienceHost/PublisherDisplayNamePublisherNo
AllowEveryonewindows.immersivecontrolpanel, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.Apprep.ChxApp, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.Windows.ShellExperienceHost, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps OneNote AllowedMicrosoft.Office.OneNote, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Snip & Sketch AllowedMicrosoft.ScreenSketch, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Photos AllowedMicrosoft.Windows.Photos, from Microsoft CorporationPublisherNo
DenyEMEA\KE-L-SEC-Restricted Search on Start menuMicrosoft.Windows.Search, from Microsoft CorporationPublisherNo
DenyEMEA\KE-L-SEC-Restricted Search on Start menuMicrosoft.Windows.CloudExperienceHost, from Email, phone, or SkypePublisherNo
AllowEMEA\KE-L-SEC-Apps DesktopAppInstallerMicrosoft.DesktopAppInstaller, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Xbox Game Bar AllowedMicrosoft.XboxGamingOverlay, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.WindowsCalculator, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Search AllowedMicrosoft.Windows.Search, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps WindowsCommunicationAppsmicrosoft.windowscommunicationsapps, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Sticky Notes AllowedMicrosoft.MicrosoftStickyNotes, from Microsoft CorporationPublisherNo
AllowEveryoneWindows.PrintDialog, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Camera AllowedMicrosoft.WindowsCamera, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps 3DPaint AllowedMicrosoft.MSPaint, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps MSAccountsControl AllowedMicrosoft.AccountsControl, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Store AllowedMicrosoft.WindowsStore, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps PDF Reader Kdan Mobile Allowed0D9A1B2D.PDFReaderUWP, from Kdan Mobile Software Ltd.PublisherNo
AllowEMEA\KE-L-SEC-Apps Groove Music AllowedMicrosoft.ZuneMusic, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps OneDrive Allowedmicrosoft.microsoftskydrive, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Trello Allowed45273LiamForsyth.PawsforTrello, from Trello, Inc.PublisherNo
AllowEveryoneInputApp, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Whiteboard AllowedMicrosoft.Whiteboard, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-UNRestrict ApplockerSigned by *PublisherNo
AllowNT AUTHORITY\SYSTEMSigned by *PublisherNo
AllowEveryoneMicrosoft.LockApp, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoft.AAD.BrokerPlugin, from Assigned by your organizationPublisherNo
AllowEMEA\KE-L-SEC-Apps MicrosoftSmartCardManagerMicrosoft.MicrosoftSmartCardManager, from Microsoft CorporationPublisherNo
AllowEveryoneMicrosoftWindows.Client.CBS, from Microsoft WindowsPublisherNo
AllowEveryoneWavesAudio.MaxxAudioProforDell2019, from Waves AudioPublisherNo
AllowEveryoneMicrosoft.MicrosoftEdge, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps Calculator AllowedMicrosoft.WindowsCalculator, from Microsoft CorporationPublisherNo
DenyEMEA\KE-L-SEC-Restricted Search on Start menuMicrosoft.549981C3F5F10, from Microsoft CorporationPublisherNo
AllowEMEA\KE-L-SEC-Apps MobilePASS Allowed05EB1CFA.SafeNetMobilePASS, from Gemalto Pte LtdPublisherNo
Dll Rules
No rules of type 'Dll Rules' are defined.
Executable Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEveryoneMICROSOFT TEAMS UPDATE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneMICROSOFT TEAMS, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEMEA\KE-L-SEC-UNRestrict CMD & Powershell%SYSTEM32%\conhost.exePathNo
DenyEMEA\KE-L-SEC-Restricted Search on Start menu%WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\*PathNo
AllowEMEA\KE-L-SEC-UNRestrict CMD & Powershell%SYSTEM32%\cmd.exePathNo
DenyEMEA\KE-L-SEC-Restrictive Applocker for ManagementRestricted Access for MGMTPathYes
AllowEveryoneAll files located in the Windows folderPathYes
DenyEMEA\KE-L-SEC-Restricted Search on Start menu%WINDIR%\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\*PathNo
AllowEveryone(Default Rule) All files located in the Program Files folderPathNo
DenyEMEA\KE-L-SEC-Restrict SnippingTool%SYSTEM32%\SnippingTool.exePathNo
AllowEMEA\KE-L-SEC-UNRestrict CMD & Powershell%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exePathNo
DenyEMEA\KE-L-SEC-Restricted Search on Start menu%WINDIR%\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\*PathNo
AllowEveryone*PathYes
AllowEMEA\KE-L-SEC-UNRestrict CMD & Powershell%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exePathNo
AllowEMEA\KE-L-SEC-UNRestrict Applocker*PathNo
AllowBUILTIN\Administrators(Default Rule) All filesPathNo
Windows Installer Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEveryone(Default Rule) All digitally signed Windows Installer filesPublisherNo
DenyEMEA\KE-L-SEC-Restrictive Applocker for ManagementRestricted Access for MGMTPathYes
AllowEveryone(Default Rule) All Windows Installer files in %systemdrive%\Windows\InstallerPathNo
AllowBUILTIN\Administrators(Default Rule) All Windows Installer filesPathNo
AllowEveryoneAllow AllPathNo
AllowEMEA\KE-L-SEC-UNRestrict Applocker*PathNo
Script Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEveryone(Default Rule) All scripts located in the Program Files folderPathNo
DenyEMEA\KE-L-SEC-Restrictive Applocker for ManagementRestricted Access for MGMTPathYes
AllowEveryone(Default Rule) All scripts located in the Windows folderPathNo
AllowEveryoneAllow AllPathNo
AllowBUILTIN\Administrators(Default Rule) All scriptsPathNo
AllowEMEA\KE-L-SEC-UNRestrict Applocker*PathNo
Administrative Templates
Policy definitions (ADMX files) retrieved from the central store.
System
PolicySettingComment
Specify settings for optional component installation and component repairEnabled
Alternate source file path
Never attempt to download payload from Windows UpdateDisabled
Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)Enabled
Windows Components/App runtime
PolicySettingComment
Block launching desktop apps associated with a file.Disabled
Block launching desktop apps associated with a URI schemeDisabled
Block launching Universal Windows apps with Windows Runtime API access from hosted content.Disabled
Windows Components/Store
PolicySettingComment
Disable all apps from Microsoft Store Disabled
Turn off Automatic Download of updates on Win8 machinesDisabled
Turn off the offer to update to the latest version of WindowsDisabled
Turn off the Store applicationDisabled
Windows Components/Windows Update/Manage updates offered from Windows Server Update Service
PolicySettingComment
Do not connect to any Windows Update Internet locationsDisabled
Preferences
Windows Settings
Registry
DisableStoreApps (Order: 1)
General
ActionDelete
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\WindowsStore
Value nameDisableStoreApps
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Apply once and do not reapplyNo
User Configuration (Disabled)
No settings defined.