Windows 10 How to unlock system settings using Applocker on Win10


liangming2003

Hi, All


Below are the commands I use to lock apps on Win10. System Settings (start ms-settings:) is inaccessible after running them.


But System Settings is still locked after I removed all the deny rules in secpol.msc. Why?


What should I do to unlock only System Settings and keep the other apps locked? Thanks.



cmd:


rem Set the Application Identity service (AppIDSvc) to start automatically.
rem NOTE(review): both output streams are discarded, so a failed "sc config"
rem goes unnoticed; check %ERRORLEVEL% or drop the redirect while troubleshooting.
sc.exe config appidsvc start= auto >nul 2>&1

rem Load AppLocker.xml as the local AppLocker policy. Without -Merge,
rem Set-AppLockerPolicy replaces the existing local policy with the file's rules.
rem -ExecutionPolicy given on the command line applies to this process only.
powershell.exe -ExecutionPolicy unrestricted -Command "Set-AppLockerPolicy -XMLPolicy .\AppLocker.xml"



AppLocker.xml:


<!--
  AppLocker policy from the post. Only the Dll and Exe collections contain
  rules; Appx, Msi and Script are empty.

  Review notes:
  * Every collection is EnforcementMode="NotConfigured". AppLocker enforces a
    collection that contains rules when its mode is not configured, so the Dll
    and Exe rules below are live. State the mode explicitly ("Enabled" or
    "AuditOnly") so the intent is visible in the file.
  * Deny rules take precedence over Allow rules. All Deny rules here target
    Everyone (S-1-1-0), so they also apply to members of Administrators
    (S-1-5-32-544) despite the "(Default Rule) All files" / "All DLLs" allows.
  * All Deny rules are path rules, which identify a file by location only.
    Publisher or hash conditions identify the file itself and are the more
    robust choice for a deny list.
  * To see which rules are really in force after editing in secpol.msc,
    compare this file with the output of: Get-AppLockerPolicy -Effective -Xml
-->
<AppLockerPolicy Version="1">
  <RuleCollection Type="Appx" EnforcementMode="NotConfigured" />

  <!-- DLL rules: the three default allows plus one deny (zipfldr.dll). -->
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured">
    <FilePathRule Id="3737732c-99b7-41d4-9037-9cddfb0de0d0" Name="(Default Rule) All DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="ad2d943b-409f-4af0-ae89-b3cfe7d0c85b" Name="zipfldr.dll" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\zipfldr.dll" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="bac4b0bf-6f1b-40e8-8627-8545fa89c8b6" Name="(Default Rule) Microsoft Windows DLLs" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="fe64f59f-6fca-45e5-a731-0f6715327c38" Name="(Default Rule) All DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>

  <!-- Exe rules: default allows, one publisher allow, and the deny list. -->
  <RuleCollection Type="Exe" EnforcementMode="NotConfigured">
    <!-- Publisher allow with wildcard product, binary and version: anything signed by this publisher runs. -->
    <FilePublisherRule Id="5f61c356-0489-426d-aea8-3f331c94abff" Name="Signed by O=CISCO WEBEX LLC, L=SAN JOSE, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=CISCO WEBEX LLC, L=SAN JOSE, S=CALIFORNIA, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- The two ROUTE.EXE rules use literal C:\Windows paths; the other rules use AppLocker path variables. -->
    <FilePathRule Id="05b20709-3152-4cea-8911-2324f1db83b8" Name="C:\Windows\System32\ROUTE.EXE" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="C:\Windows\System32\ROUTE.EXE" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="27a2117c-0edd-47a6-83b6-153169698bbf" Name="%SYSTEM32%\ftp.exe" Description="ftp.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\ftp.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="31e0ea00-6d40-441c-8021-373ece6577c8" Name="%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exe" />
      </Conditions>
    </FilePathRule>
    <!-- Wildcard deny for the whole Cortana package folder; it already covers the SearchUI.exe rule (b655d189-…) further down. -->
    <FilePathRule Id="4b3bf4a0-a712-498a-bdd7-b1badfcfebd1" Name="%WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\*" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\*" />
      </Conditions>
    </FilePathRule>
    <!-- Same path, SID and action as rule 31e0ea00-… above; redundant duplicate. -->
    <FilePathRule Id="56af19bd-9be2-45f3-b9d2-39114c1b1055" Name="%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="612f5074-cfc7-4c36-84ee-cb450eb7d432" Name="C:\Windows\System32\OptionalFeatures.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="C:\Windows\System32\OptionalFeatures.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="6a55d975-59b8-4734-ad03-e321ddb00404" Name="C:\Windows\SysWOW64\ROUTE.EXE" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="C:\Windows\SysWOW64\ROUTE.EXE" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="7a883dea-896b-4cc0-88d0-b8d6b080f095" Name="%SYSTEM32%\notepad.exe" Description="notepad.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\notepad.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <!-- Denies powershell.exe for Everyone, Administrators included. Any later policy change made through PowerShell must run from a context this rule does not match. TODO confirm how the policy will be maintained. -->
    <FilePathRule Id="9508d499-5539-4e3a-b6d0-cc7262591b27" Name="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="9cc4948f-010d-440a-af7a-d5ed5481ee49" Name="%SYSTEM32%\osk.exe" Description="osk.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\osk.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="a34c916c-e2d0-4a45-9627-14e510408da5" Name="%SYSTEM32%\mspaint.exe" Description="mspaint.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\mspaint.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="a4da80a7-c7a9-4a10-89d5-13892c39454e" Name="%SYSTEM32%\SnippingTool.exe" Description="SnippingTool.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\SnippingTool.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="ac96c7d0-4b69-4935-8890-3189d9804cb8" Name="%SYSTEM32%\subst.exe" Description="subst.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\subst.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="b655d189-a68b-453f-b250-274b40efd59f" Name="%WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="d24190e0-4abc-49b2-89f3-04a013321f9b" Name="%PROGRAMFILES%\Windows NT\Accessories\wordpad.exe" Description="wordpad.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\Windows NT\Accessories\wordpad.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="e46cf12b-7806-4598-99ea-13e8320a45ca" Name="%SYSTEM32%\msconfig.exe" Description="msconfig.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\msconfig.exe" />
      </Conditions>
    </FilePathRule>
    <!-- Same path, SID and action as rule 9508d499-… above; redundant duplicate. -->
    <FilePathRule Id="eb0b00fa-7523-4823-a189-56fe4d064818" Name="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" />
      </Conditions>
    </FilePathRule>
    <!-- The only rule in this file that names SystemSettings.exe; presumably what blocks "start ms-settings:" as described in the post. Confirm against the AppLocker event log before and after removing it. -->
    <FilePathRule Id="f8dca185-e33a-4d7b-9ef6-12ff948f37f6" Name="%WINDIR%\ImmersiveControlPanel\SystemSettings.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\ImmersiveControlPanel\SystemSettings.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>

  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
