Windows 10 Pro Group Policy Fix

Discussion in 'Windows 10' started by dobbelina, Aug 15, 2016.

  1. dobbelina

    dobbelina MDL Senior Member

    #1 dobbelina, Aug 15, 2016
    Last edited: Aug 15, 2016
  2. Garbellano

    Garbellano MDL Addicted

    AppLocker is not present in Pro since Windows 8, only in Enterprise and Education.

    Btw, one of the best features that 7 has.
     
  3. Leporello

    Leporello MDL Novice

    And what have I just found, used and adjusted on my Windows 10 Pro 1607 OS Build 14393.51?
     
  4. gnugeek

    gnugeek MDL Member

    So you want to defy Arnold? :p
     
  5. dobbelina

    dobbelina MDL Senior Member

    #5 dobbelina, Aug 15, 2016
    Last edited: Aug 15, 2016
    (OP)
  6. hb860

    hb860 MDL Expert

    #6 hb860, Aug 15, 2016
    Last edited by a moderator: Apr 20, 2017
    Anybody on Home edition?
    Can you try this tweak?
    I am too lazy to set up +1 VM.
    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\SystemCertificates]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\32095775-5197-4f30-8cd8-990a7f2be3b7]
    "Value"="<FilePublisherRule Id=\"32095775-5197-4f30-8cd8-990a7f2be3b7\" Name=\"Microsoft.Windows.ContentDeliveryManager, from Microsoft Corporation\" Description=\"\" UserOrGroupSid=\"S-1-1-0\" Action=\"Deny\"><Conditions><FilePublisherCondition PublisherName=\"CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US\" ProductName=\"Microsoft.Windows.ContentDeliveryManager\" BinaryName=\"*\"><BinaryVersionRange LowSection=\"*\" HighSection=\"*\"/></FilePublisherCondition></Conditions></FilePublisherRule>"
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Dll]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Exe]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Msi]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Script]
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}User]
    
     
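Added example (not part of any post in this thread): before importing a .reg file like the one hb860 posted, the rule XML in its "Value" entry can be decoded and summarised to see which AppLocker rule collection it targets, whom it applies to and how broadly it matches. The function names are this example's own; the embedded sample is the rule key and value from the post above.

```python
import re
import xml.etree.ElementTree as ET

# Sample input: the rule key and value from the .reg export posted above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{250FEABB-7D5C-4556-8753-B62A66E5858B}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\32095775-5197-4f30-8cd8-990a7f2be3b7]
"Value"="<FilePublisherRule Id=\"32095775-5197-4f30-8cd8-990a7f2be3b7\" Name=\"Microsoft.Windows.ContentDeliveryManager, from Microsoft Corporation\" Description=\"\" UserOrGroupSid=\"S-1-1-0\" Action=\"Deny\"><Conditions><FilePublisherCondition PublisherName=\"CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US\" ProductName=\"Microsoft.Windows.ContentDeliveryManager\" BinaryName=\"*\"><BinaryVersionRange LowSection=\"*\" HighSection=\"*\"/></FilePublisherCondition></Conditions></FilePublisherRule>"
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"Value"="(.*)"$')
RULE_KEY = re.compile(r'\\SrpV2\\(Appx|Dll|Exe|Msi|Script)\\([0-9A-Fa-f-]{36})$')

def unescape_reg(data):
    """Undo .reg string escaping (a backslash before a quote or backslash)."""
    return re.sub(r'\\(["\\])', r'\1', data)

def audit_rules(reg_text):
    """Return one summary dict per AppLocker rule value found in a .reg export."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = RULE_KEY.search(section.group(1))  # None for non-rule keys
            continue
        value = VALUE.match(line)
        if not (key and value):
            continue
        xml_text = unescape_reg(value.group(1))
        if '<!' in xml_text:  # refuse DTD/entity declarations in untrusted input
            raise ValueError('unexpected markup declaration in rule XML')
        rule = ET.fromstring(xml_text)
        cond = rule.find('./Conditions/FilePublisherCondition')
        ver = cond.find('BinaryVersionRange') if cond is not None else None
        findings.append({
            'collection': key.group(1),
            'rule_type': rule.tag,
            'action': rule.get('Action'),
            'sid': rule.get('UserOrGroupSid'),
            'id_matches_key': (rule.get('Id') or '').lower() == key.group(2).lower(),
            'product': cond.get('ProductName') if cond is not None else None,
            'publisher': cond.get('PublisherName') if cond is not None else None,
            'all_binaries': cond is not None and cond.get('BinaryName') == '*',
            'all_versions': ver is not None and ver.get('LowSection') == '*' and ver.get('HighSection') == '*',
            # S-1-1-0 is the well-known SID for Everyone
            'denies_everyone': rule.get('Action') == 'Deny' and rule.get('UserOrGroupSid') == 'S-1-1-0',
        })
    return findings

if __name__ == '__main__':
    for finding in audit_rules(SAMPLE_REG):
        print(finding)
```

For the posted file this reports a single packaged-app (Appx) publisher rule that denies Everyone all binaries and versions of Microsoft.Windows.ContentDeliveryManager.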
  7. dobbelina

    dobbelina MDL Senior Member

    #8 dobbelina, Aug 16, 2016
    Last edited: Aug 16, 2016
    (OP)
  8. dobbelina

    dobbelina MDL Senior Member

    #9 dobbelina, Aug 16, 2016
    Last edited: Aug 16, 2016
    (OP)
  9. Garbellano

    Garbellano MDL Addicted

    I just installed Pro on a VM, and you are right!

    No, I don't use w$ :biggrin:

    AppLocker is one of the best things that w$ has. Good to know Pro has it.
     
  10. Ricimer

    Ricimer MDL Novice

    This doesn't seem to have any effect on my W10 Pro 1607.

    While I can configure the options, they don't seem to do anything: the Application Identity process is set to manual start and cannot be edited (access denied), and there are no event log entries for any blocked apps, only ones telling me I have the wrong SKU for AppLocker.

    Has this been tested *without* the firewall rule?



    Sadly, the contentdelivery registry key also gets reset by the initial user creation process, no matter what is set in the default profile, so I'm running out of things to try. I will have a go with the firewall rule next, though.
     
  11. xinso

    xinso MDL Guru

    #12 xinso, Aug 22, 2016
    Last edited: Aug 22, 2016
    Thanks. But on VMware and PC, nothing happened.
     
  12. dobbelina

    dobbelina MDL Senior Member

    Hmmm?

    Have to test this some more, and ya, go with the firewall solution.
    Don't know if it has to do with the fact that a user actually never interacts with contentdeliverymanager,
    but it does its thing in the background (so to speak), hence AppLocker has nothing to prevent it from?
     