Intune AppLocker OMA-URI

Mikkel Lund Knudsen 111 Reputation points
2022-09-12T17:45:43.557+00:00

Hey,

So we are trying to replace our current AppLocker GPO from our Hybrid.

Using Configuration Profile in Intune and Device Configuration Profiles / Custom.

./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/apps/EXE/Policy

So our Value * looks like this :

<RuleCollection Type="Exe" EnforcementMode="Enabled">
  <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions>
      <FilePathCondition Path="%PROGRAMFILES%\*" />
    </Conditions>
  </FilePathRule>
  <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions>
      <FilePathCondition Path="%WINDIR%\*" />
    </Conditions>
  </FilePathRule>
  <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
    <Conditions>
      <FilePathCondition Path="*" />
    </Conditions>
  </FilePathRule>
</RuleCollection>

However, it does not seem to be working.

Even in Event Viewer I get the Event ID of 8001 stating that : The AppLocker policy was applied successfully to this computer.

But it doesn't seem to apply regardless?

What am I doing wrong here?


1 answer

  1. Mikkel Lund Knudsen 111 Reputation points
    2022-09-22T20:13:34.56+00:00

    Just an update from here, seemed to be a formatting thing.

    The first line of the .xml should keep its space in the first line :

    Like this : <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    Not like this :<RuleCollection Type="Exe" EnforcementMode="AuditOnly">

    Hope it makes sense.

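A pre-flight check for the Value string before it goes into the custom profile, added here as an example; it is not part of the original thread and not Microsoft tooling. The node-to-Type mapping and the requirement that the payload be a bare RuleCollection element are assumptions of this sketch, and both sample payloads are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: CSP grouping node in the OMA-URI -> expected RuleCollection Type.
NODE_TO_TYPE = {"EXE": "Exe", "MSI": "Msi", "Script": "Script",
                "DLL": "Dll", "StoreApps": "Appx"}
MODES = {"NotConfigured", "AuditOnly", "Enabled"}
# "%VAR%*" without a backslash also matches sibling folders whose names
# merely begin with the expanded value of %VAR%.
LOOSE_PATH = re.compile(r"^%[^%]+%\*")

def lint_payload(oma_uri, value):
    """Return a list of findings for the Value string of an AppLocker OMA-URI."""
    node = oma_uri.rstrip("/").split("/")[-2]  # .../apps/EXE/Policy -> "EXE"
    try:
        root = ET.fromstring(value.strip())
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != "RuleCollection":
        return [f"root is <{root.tag}>; paste only the <RuleCollection> element"]
    findings = []
    if root.get("Type") != NODE_TO_TYPE.get(node):
        findings.append(f"Type={root.get('Type')!r} does not match node {node}")
    mode = root.get("EnforcementMode")
    if mode not in MODES:
        findings.append(f"unknown EnforcementMode {mode!r}")
    elif mode == "AuditOnly":
        findings.append("EnforcementMode is AuditOnly: launches are logged, not blocked")
    ids = [rule.get("Id") for rule in root]
    for dup in sorted({i for i in ids if i and ids.count(i) > 1}):
        findings.append(f"duplicate rule Id {dup}")
    for cond in root.iter("FilePathCondition"):
        if LOOSE_PATH.match(cond.get("Path", "")):
            findings.append(f"Path {cond.get('Path')!r} lacks a backslash before '*'")
    return findings

URI = "./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/apps/EXE/Policy"
# Constructed samples: a full GPO-style export, and a bare collection with issues.
GPO_EXPORT = '<AppLockerPolicy Version="1"><RuleCollection Type="Exe" EnforcementMode="Enabled"/></AppLockerPolicy>'
BARE = """<RuleCollection Type="Exe" EnforcementMode="AuditOnly">
  <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="constructed" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions><FilePathCondition Path="%PROGRAMFILES%*" /></Conditions>
  </FilePathRule>
</RuleCollection>"""

if __name__ == "__main__":
    for name, payload in (("GPO_EXPORT", GPO_EXPORT), ("BARE", BARE)):
        print(name, lint_payload(URI, payload))
```

An empty list means none of these checks fired; it does not prove the device enforces the policy, so confirm on a test machine as well.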