applocker
5 Topics

Application Restrictions with Intune
Afternoon, I work for a school and we have started the migration to Intune but have come across a sticking point for locking shared Windows devices down under exam conditions. We need to prevent a specific exam user account from accessing all applications other than Word and Adobe DC Reader, therefore blocking access to apps such as Maps, Calculator, Edge, Chrome... Currently this is achieved using AppLocker via Group Policy and set to apply to an AD user group that contains the exam user account. I have replicated the AppLocker policies in Intune but don't see a way to apply these to an Entra ID group in the same way as AD groups. The Device Configuration Policy is assigned to the exam user and has applied when logged in to a shared Windows device; however, if another user logs on to the shared device they are also blocked from using the apps. Is there a way to ensure that only the specific user is restricted when signing in to shared Windows devices? Regards

AppLocker CSP, grouping and multiple policies
Morning all,

Very shortly my organisation will be looking to migrate the AppLocker policy management from GPO to MEM, which has raised a few questions.

1. Can you assign multiple AppLocker CSP policies to a target device? I have always assumed that you can only assign the CSP once as it does not have merge support.
2. I have read about grouping GUIDs in the CSP OMA-URI path. Does anyone have any practical experience in using this feature?
3. We need to manage the rule set better, so we are looking at AaronLocker for management. Now the output is a single XML file, which is great for GPO but not CSP. Does anyone have a PowerShell script which can split the RuleCollection Type="xxx" into separate files to make the upload to the CSP easier?
4. Does anyone have a PowerShell script to automate the creation of an AppLocker CSP policy and upload the XML components? Looking to have a process in which new AppLocker changes will create a new policy to avoid human error and allow strict testing before mass deployment.

Regards
Mike

Error AppLocker: not blocking, only audit
I created an AppLocker rule via GPO to block the installation of applications; however, the blocking is not working, only generating a log in the Event Viewer with the message: "softwarexx.exe was allowed to run, but it would have been prevented if the AppLocker policy were applied." I have already checked, and the computer is in the OU where the GPO is applied. I verified the GPO links and groups, and they are correct. I also checked the "Application Identity" service on the workstation, and it is running. Both the domain controllers and the workstation are fully up to date. The domain controller is Windows Server 2016, and the workstation is Windows 10 Pro version 22H2. I tried using the "Enforce rules" option, but it doesn't work. It only audits. I created a lab environment, and the AppLocker rule worked correctly there. The only difference from the non-working environment is the version of the domain controller; in my lab, it's Windows Server 2019, while in the non-working environment, it's Windows Server 2016. Could this be related? I checked the AppLocker documentation, and it states that WS 2016 is supported. Can someone help me?

AppLocker CSP updates not working
Hello! We are using AppLocker via CSP (https://learn.microsoft.com/en-us/windows/client-management/mdm/applocker-csp) and it has been working great for years. But for some reason it recently stopped working with updates. If I publish a new XML the device will get the XML; I can verify it by looking at the XML files in c:\Windows\system32\AppLocker\MDM\x\x\Applocker\ApplicationLaunchRestrictions\x\ and then the corresponding folder for each type, but it won't apply until I remove all .policy files in c:\Windows\system32\AppLocker. Can anyone help me understand why I need to delete those files in order to get it working?