A signed msi file is able to be downloaded and executed, even though others are blocked with group policy

CCurtis777 1 Reputation point
2022-03-24T01:16:33.863+00:00

Hi

Can someone please save my sanity. I have lots of GPOs in my domains and somewhere there is a rule that is allowing virtru.msi to be installed and run by any user in my organisation. All other MSIs are blocked.
How can I find out why this one is being allowed to run? An easy way, as I have so many GPOs and users.
AppLocker is on and MSIs are listed, just as an FYI.

Thanks


1 answer

  1. Limitless Technology 39,511 Reputation points
    2022-03-30T10:42:46.31+00:00

    Hi @CCurtis777

    Apparently Microsoft doesn't have a specific tool that would allow you to create a list of GPOs by actions. In this case, it would require narrowing down the issue, decomposing the elements involved.

    In this sense, the best option would be to isolate a user (or users) that could install the mentioned MSI file, then run an RSoP of applied policies, for example with GPRESULT /H OUTPUT.HTML, and review the policies applied.

    Additionally, you can use the PowerShell Get-GPOReport cmdlet to get the GPOs, which would allow you to run an XML report for each GPO in the specified domain:

    https://learn.microsoft.com/en-us/powershell/module/grouppolicy/get-gporeport?view=windowsserver2022-ps

    Hope this helps with your query,

    --
    --If the reply is helpful, please Upvote and Accept as answer--
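
The approach in the answer above, as an added example that is not part of the original thread: this PowerShell script asks AppLocker which rule allows the file on an affected machine, then evaluates the same file against the AppLocker policy stored in each GPO and exports an XML report for every GPO that allows it. It assumes the GroupPolicy (RSAT) and AppLocker modules are installed; `$MsiPath` and `$User` are placeholders to replace with the real installer location and an affected account.

```powershell
# Added example: locate the AppLocker rule and the GPO that allow a given MSI.
# Assumptions: GroupPolicy (RSAT) and AppLocker modules are present, and the
# account running this can read every GPO in the domain.
Import-Module GroupPolicy, AppLocker

$MsiPath = 'C:\Temp\virtru.msi'   # placeholder: where the installer was saved
$User    = 'Everyone'             # placeholder: use an affected user or group

# 1. On an affected machine: the merged (effective) policy and the rule
#    that decides this file. MatchingRule is the rule name to look for.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $MsiPath -User $User |
    Format-List FilePath, PolicyDecision, MatchingRule

# 2. Across the domain: test the same file against each GPO's own
#    AppLocker policy and keep the GPOs whose rules allow it.
$hits = foreach ($gpo in Get-GPO -All) {
    $policy = Get-AppLockerPolicy -Domain -Ldap "LDAP://$($gpo.Path)" `
                  -ErrorAction SilentlyContinue
    if (-not $policy -or -not $policy.RuleCollections) { continue }

    $result = Test-AppLockerPolicy -PolicyObject $policy `
                  -Path $MsiPath -User $User
    if ($result.PolicyDecision -eq 'Allowed') {
        [pscustomobject]@{
            Gpo  = $gpo.DisplayName
            Id   = $gpo.Id
            Rule = $result.MatchingRule
        }
    }
}
$hits | Format-Table -AutoSize

# 3. Export the XML report of each matching GPO for review, using the
#    Get-GPOReport cmdlet mentioned in the answer.
foreach ($hit in $hits) {
    Get-GPOReport -Guid $hit.Id -ReportType Xml -Path ".\$($hit.Id).xml"
}
```

Step 2 evaluates each GPO in isolation, so a deny rule or exception in another GPO is not reflected there; step 1 shows the merged result that actually applies on the machine.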

    0 comments No comments