Strange AppLocker Behaviour

Jason Hall 101 Reputation points
2020-11-06T11:18:05.863+00:00

I am looking at implementing AppLocker to deny executables running from the downloads folder.

I have the following set via GPO

[Screenshots: 37930-enforcement.png, 37897-default-rules.png, 37968-block-downloads.png]

When I apply the group policy it works as expected. I am blocked from running exe files from the downloads folder.
But with it applied it causes some strange issues with other applications.

For example Outlook and MS Teams will no longer connect but can be run.

[Screenshot: 37898-teams.png]

And the start menu or search no longer respond.

As soon as I remove the GPO and perform a gpupdate they begin to work again.

Looking in the event logs there are no 8004 events for any of these applications.


Answer accepted by question author
  1. Jason Hall 101 Reputation points
    2020-11-06T12:19:22.327+00:00

    Figured out the issue.
    Noticed in the "Packaged app-Execution" event log errors stating "No packaged apps can be executed while Exe rules are being enforced and no Packaged app rules have been configured."

    Creating the default allow rule in Packaged app rules fixed it.

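As an added example (not from the thread or from Microsoft), a PowerShell check for the misconfiguration the accepted answer identifies: Exe rules enforced while the Packaged app (Appx) collection has no rules. It assumes the AppLocker policy XML layout (RuleCollection elements typed Exe/Appx carrying an EnforcementMode attribute), that a live policy is fed in from `Get-AppLockerPolicy -Effective -Xml`, and the sample policy and its rule GUIDs are constructed.

```powershell
function Test-AppLockerPackagedAppGap {
    param(
        # Policy XML text, e.g. from: Get-AppLockerPolicy -Effective -Xml
        [Parameter(Mandatory)][string]$PolicyXml
    )
    [xml]$policy = $PolicyXml
    $collections = @($policy.AppLockerPolicy.RuleCollection)
    $exe  = $collections | Where-Object { $_.Type -eq 'Exe' }
    $appx = $collections | Where-Object { $_.Type -eq 'Appx' }
    # Packaged apps only break when Exe rules are in 'Enabled' (enforce) mode, not 'AuditOnly'
    $exeEnforced = [bool]($exe -and $exe.EnforcementMode -eq 'Enabled')
    # Count rule elements in the Appx collection; an absent or empty collection means none configured
    $appxRuleCount = 0
    if ($appx) { $appxRuleCount = @($appx.ChildNodes | Where-Object { $_.NodeType -eq 'Element' }).Count }
    [pscustomobject]@{
        ExeEnforced        = $exeEnforced
        AppxRuleCount      = $appxRuleCount
        PackagedAppsBroken = ($exeEnforced -and $appxRuleCount -eq 0)
    }
}

# Constructed sample policy (GUIDs are placeholders): the Downloads deny rule from the question
# plus the default "all signed packaged apps" allow rule that the accepted answer adds.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Block Downloads" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*\Downloads\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Appx" EnforcementMode="Enabled">
    <FilePublisherRule Id="22222222-2222-2222-2222-222222222222" Name="(Default Rule) All signed packaged apps" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"><BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /></FilePublisherCondition></Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
'@

# Policy as fixed in the accepted answer
Test-AppLockerPackagedAppGap -PolicyXml $policyXml

# Reproduce the questioner's original state: strip the Appx collection, leaving Exe rules enforced alone
[xml]$doc = $policyXml
$appxNode = $doc.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Appx' }
[void]$doc.AppLockerPolicy.RemoveChild($appxNode)
Test-AppLockerPackagedAppGap -PolicyXml $doc.OuterXml
```

Against a domain-joined client, pass `(Get-AppLockerPolicy -Effective -Xml)` as the policy text to check what the GPO actually delivered rather than what the GPO editor shows.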

1 additional answer

  1. Jimmy 11 Reputation points
    2023-01-14T03:12:19.7966667+00:00

    I recently found a problem in Server 2022, setting up Edge and IE 11 to be blocked in AppLocker via GPO. In my test environment, I created the GPO and configured Executable Rules for both using Path as the condition, denying access to Everyone. I linked the GPO to my test OU, and it blocked them both, but it also blocked the Settings app from opening. Watching the AppLocker Event Logs I also saw "No packaged apps can be executed while Exe rules are being enforced and no Packaged app rules have been configured", so I researched Packaged app rules and found your article here. I added an allow rule for Microsoft Edge and that worked: IE / Edge blocked but the Settings App was accessible. Big WIN!! I tried this in my production environment, but when I went to set the Packaged app allow rule there was no Microsoft Edge. There was, however, a Settings package for WINDOWS.IMMERSIVECONTROLPANEL, and allowing that rule worked, letting the Settings app run! I guess in the end my conclusion is that IE and Edge are still so deep-rooted in the OS's "Immersive" experience that blocking them breaks some things that you really need.

    Your article here helped me find the magic jelly bean I needed to get my problem solved. THANK YOU!!!

