A signed msi file is able to be downloaded and executed, even though others are blocked with group policy

CCurtis777 1 Reputation point
2022-03-24T01:16:33.863+00:00

Hi

Can someone please save my sanity. I have lots of GPOS in my domains and somewhere there is a rule that is allowing virtru.msi to be installed and run by any user in my organisation. All other msi are blocked.
How can i find out why this one is being allowed to run? Easy way as i have so many GPO's and users.
Applocker is on and msi are listed just as an fyi

Thanks

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,830 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,416 Reputation points
    2022-03-30T10:42:46.31+00:00

    Hi @CCurtis777

    Apparently Microsoft doesn´t have a specific tool that would allow you to create list of GPOs by actions. In this case, it would require narrowing down the issue, decomposing the elements involved.

    In this sense, the best option would be to isolate a user(s) that could install the mentioned MSI file, the run a RSOP of applied policites for example with GPRESULT /H OUTPUT.HTML and review the policies applied.

    Additionally you can use the powershell Get-GPOReport to get GPO, that would allow to run XML report for each GPO in the specified domain:

    https://learn.microsoft.com/en-us/powershell/module/grouppolicy/get-gporeport?view=windowsserver2022-ps

    Hope this helps with your query,

    --
    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments