OOBE Audit Mode and AppLocker
Hello,
I am currently creating a Windows 8.1 customised .wim for my organisation. Upon booting into Audit Mode via Shift+Ctrl+F3 I have attempted to create a rule to "Deny" users accessing Metro Applications via AppLocker as instructed via
Microsoft documentation. When selecting "use an installed packaged app as a reference" the list of applications is empty. Im suspecting this is because im in oobe audit mode? If I come out of audit mode and then set the same rule via AppLocker I
am presented with a list of installed Metro applications to choose from.
My question is how can I prevent Metro applications from within audit mode. I really want to use local gpedit.msc and not central GPO as we dont have Server 2012 DC's.
Any help would be appreciated.
- Edited by
Paddy831
19 hours 16 minutes ago
February 17th, 2014 10:56am
If I read between the lines you have some kind of domain environment with X number of domain controllers? The fact that your DCs are not 2012 or 2012 R2 does not matter at all. You can use all group policy features for Windows 8.1 if you just make sure to
manage/edit group policies from a Windows 8.1 box (using Remote Server Administration Tools). That is regardless if you have Windows Server 2003 domain controllers or later.
February 17th, 2014 2:59pm
This should help:
http://social.technet.microsoft.com/wiki/contents/articles/19899.how-to-update-default-apps-and-limit-access-to-windows-store.aspx
February 17th, 2014 4:50pm
Thanks for the reply Andreas but I do not follow what you are saying? can you please be clearer.
Do you expect me to RSAT to 500 workstations individually to configure the the local GP?
February 18th, 2014 5:53am
Thanks I will give this a try and keep you updated.
February 18th, 2014 6:23am
Assuming you have 500 clients joined to a domain, regardless of what Windows version you have on the domain controllers, I'm suggesting that you create a domain group policy using the GRoup Policy Management console installed with RSAT to deploy your desired
AppLocker configuration to all 500 Machines.
February 18th, 2014 6:33am