Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available
NL-PO-WIN-C-AppLocker Desktops
Data collected on: 2-9-2025 12:15:06
General
Details
Domainemea.tpg.ads
OwnerEMEA\langras.5-adm
Created2-8-2024 08:11:46
Modified18-6-2025 10:36:44
User Revisions0 (AD), 0 (SYSVOL)
Computer Revisions206 (AD), 206 (SYSVOL)
Unique ID{9d561786-4b01-42be-83c3-a48e9cdcb09c}
GPO StatusEnabled
Links
LocationEnforcedLink StatusPath
ClientsNoEnabledemea.tpg.ads/BE/Systems/Clients
ClientsNoEnabledemea.tpg.ads/NL/Systems/Clients
ClientsNoEnabledemea.tpg.ads/SR/Systems/Clients

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
None
Delegation
These groups and users have the specified permission for this GPO
NameAllowed PermissionsInherited
EMEA\NL-L-SEC-Deny All AppLockerCustomNo
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
System Services
Application Identity (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Windows Remote Management (WS-Management) (Startup Mode: Automatic)
Permissions
No permissions specified
Auditing
No auditing specified
Application Control Policies
Appx Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.MicrosoftEdgeDevToolsClient, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Windows.NarratorQuickStart, from MicrosoftPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Winget.Source, from Microsoft CorporationPublisherNo
AllowEveryoneAll signed packaged appsPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.DesktopAppInstaller, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Windows.ParentalControls, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker Restrictedc5e2524a-ea46-4f67-841f-6a9465d9d515, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedNcsiUwpApp, from MicrosoftPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.AsyncTextService, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Windows.Apprep.ChxApp, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.VP9VideoExtensions, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker Restricted1527c705-839a-4832-9118-54d4Bd6a0c89, from Microsoft CorporationPublisherNo
AllowBUILTIN\AdministratorsAll signed packaged appsPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Windows.SecHealthUI, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Windows.ContentDeliveryManager, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Windows.XGpuEjectDialog, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Windows.SecureAssessmentBrowser, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Windows.Search, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.BioEnrollment, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedF46D4000-FD22-4DB4-AC8E-4E1DDDE828FE, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.BingSearch, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.Windows.DevHome, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.XboxGameCallableUI, from Microsoft CorporationPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedMicrosoft.ECApp, from Microsoft CorporationPublisherNo
Dll Rules
No rules of type 'Dll Rules' are defined.
Executable Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
DenyEMEA\NL-L-SEC-AppLocker RestrictedPOWERSHELL_ISE.EXE, in MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneJABRA DIRECT, from O=GN AUDIO A/S, L=BALLERUP, C=DKPublisherNo
AllowEMEA\NL-L-SEC-AppLocker Allow Snipping ToolSNIPPINGTOOL.EXE, in MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneSigned by O=CITRIX SYSTEMS, INC., L=FORT LAUDERDALE, S=FLORIDA, C=USPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedWORDPAD.EXE, in MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneGOTOMEETING, from O=LOGMEIN, INC., L=BOSTON, S=MASSACHUSETTS, C=USPublisherNo
AllowEMEA\NL-L-SEC-AppLocker Allow NotepadNOTEPAD.EXE, in MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\NL-L-SEC-User Exceptions and Settings All CSSONEDRIVE.EXE, in MICROSOFT ONEDRIVE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEMEA\NL-L-SEC-AppLocker Allow ITSLACK, from O=SLACK TECHNOLOGIES, LLC, L=SAN FRANCISCO, S=CALIFORNIA, C=USPublisherNo
DenyEMEA\NL-L-SEC-AppLocker Deny MSEDGEMSEDGE.EXE, in MICROSOFT EDGE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneGOOGLE CHROME, from O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=USPublisherNo
AllowEveryoneSCREENMEET, from O=PROJECTOR.IS, INC., L=SAN FRANCISCO, S=CALIFORNIA, C=USPublisherNo
AllowEveryoneGOOGLE UPDATER, from O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=USPublisherNo
AllowEveryoneSigned by O=ISLAND TECHNOLOGY INC., L=COPPELL, S=TEXAS, C=USPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedPWSH.DLL, in POWERSHELL, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedPOWERSHELL.EXE, in MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedC:\Program Files\WindowsApps\Microsoft.WindowsFeedback*PathNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedC:\Program Files\WindowsApps\Microsoft.MSPaint*PathNo
DenyEMEA\NL-L-SEC-AppLocker Restrictedc:\Program Files (x86)\Common Files\Java\Java Update\*PathNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedC:\Program Files\Mozilla Firefox\*PathNo
AllowEMEA\NL-L-SEC-AppLocker Allow Snipping Toolc:\Program Files\WindowsApps\Microsoft.ScreenSketch*PathNo
AllowEveryone%OSDRIVE%\USERS\*\APPDATA\LOCAL\MICROSOFT\TEAMS\*PathNo
AllowEveryoneAllow IEX Azure logon (%OSDRIVE%\USERS\*\APPDATA\LOCAL\JXBROWSER\*)PathNo
DenyEMEA\NL-L-SEC-AppLocker Restrictedc:\Program Files\WindowsApps\Microsoft.WindowsTerminal*PathNo
AllowEMEA\NL-L-SEC-AppLocker Allow Snipping Tool%SYSTEM32%\SnippingTool.exePathNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedC:\Windows\System32\osk.exePathNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedC:\Program Files (x86)\Mozilla Firefox\*PathNo
DenyEMEA\NL-L-SEC-User Exceptions and Settings All CSSC:\Program Files\Microsoft OneDrive\OneDrive.exePathNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps*PathNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedC:\Program Files\WindowsApps\Microsoft.Windows.Photos*PathNo
DenyEMEA\NL-L-SEC-AppLocker Restricted%PROGRAMFILES%\WindowsApps\Microsoft.WindowsStore*PathNo
AllowEMEA\NL-L-SEC-AppLocker Allow IT%OSDRIVE%\*PathNo
DenyEMEA\NL-L-SEC-AppLocker RestrictedC:\Windows\WinSxS\amd64_microsoft-windows-wordpad*PathNo
DenyEMEA\NL-L-SEC-AppLocker Restrictedc:\Program Files\WindowsApps\Microsoft.WindowsTerminal*PathNo
AllowEveryoneAll files located in the Program Files folderPathYes
AllowEveryone%OSDRIVE%\PROGRAMDATA\*\SQUIRRELTEMP\*PathNo
AllowEMEA\NL-L-SEC-AppLocker Unrestricted%OSDRIVE%\USERS\*PathNo
AllowEveryoneAll files located in the Windows folderPathYes
DenyEMEA\NL-L-SEC-AppLocker RestrictedC:\Program Files\WindowsApps\Microsoft.Paint*PathNo
AllowEveryone%OSDRIVE%\USERS\*\APPDATA\LOCAL\SQUIRRELTEMP\*PathNo
AllowBUILTIN\Administrators(Default Rule) All filesPathNo
AllowEveryoneSetUserFTA.exeHashNo
Windows Installer Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEveryoneMICROSOFT TEAMS MEETING ADD-IN FOR MICROSOFT OFFICE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=USPublisherNo
AllowEveryoneSigned by O=PULSE SECURE, LLC, L=SAN JOSE, S=CALIFORNIA, C=USPublisherNo
AllowEveryoneAll Windows Installer files in %systemdrive%\Windows\InstallerPathNo
AllowBUILTIN\Administrators(Default Rule) All Windows Installer filesPathNo
AllowEMEA\NL-L-SEC-AppLocker Unrestricted%OSDRIVE%\USERS\*PathNo
AllowEveryone%PROGRAMFILES%\WINDOWSAPPS\*PathNo
AllowEMEA\NL-L-SEC-AppLocker Allow IT%OSDRIVE%\*PathNo
Script Rules
PolicySetting
Enforce rules of this typeTrue

ActionUserNameRule TypeExceptions
AllowEMEA\NL-L-SEC-AppLocker Restricted%OSDRIVE%\Users\Public\Fsal\*PathNo
AllowEveryone(Default Rule) All scripts located in the Program Files folderPathNo
AllowEveryone\\Emea.tpg.ads\sysvol\emea.tpg.ads\Policies\*\User\Scripts\Logon\*PathNo
AllowEMEA\NL-L-SEC-AppLocker Allow IT%OSDRIVE%\*PathNo
AllowEveryone(Default Rule) All scripts located in the Windows folderPathNo
AllowEMEA\NL-L-SEC-AppLocker Unrestricted%OSDRIVE%\USERS\*PathNo
AllowBUILTIN\Administrators(Default Rule) All scriptsPathNo
AllowEveryone%OSDRIVE%\PROGRAMDATA\MICROSOFT\GROUPPOLICY\USERS\*PathNo
AllowEveryoneRemoveChromeCookies.batHashNo
AllowEveryoneRemoveEdgeCookies.batHashNo
Preferences
Windows Settings
Registry
DisableAIDataAnalysis (Order: 1)
General
ActionUpdate
Properties
HiveHKEY_LOCAL_MACHINE
Key pathSOFTWARE\Policies\Microsoft\Windows\WindowsAI
Value nameDisableAIDataAnalysis
Value typeREG_DWORD
Value data0x1 (1)
Common
Options
Stop processing items on this extension if an error occurs on this itemNo
Remove this item when it is no longer appliedNo
Apply once and do not reapplyNo
User Configuration (Enabled)
No settings defined.