Hello,

I am currently creating a Windows 8.1 customised .wim for my organisation. Upon booting into Audit Mode via Shift+Ctrl+F3 I have attempted to create a rule to "Deny" users accessing Metro Applications via AppLocker as instructed via Microsoft documentation. When selecting "use an installed packaged app as a reference" the list of applications is empty. Im suspecting this is because im in oobe audit mode? If I come out of audit mode and then set the same rule via AppLocker I am presented with a list of installed Metro applications to choose from.

My question is how can I prevent  Metro applications from within audit mode. I really want to use local gpedit.msc and not central GPO as we dont have Server 2012 DC's.

Any help would be appreciated.

• Edited by Paddy831 19 hours 16 minutes ago

If I read between the lines you have some kind of domain environment with X number of domain controllers? The fact that your DCs are not 2012 or 2012 R2 does not matter at all. You can use all group policy features for Windows 8.1 if you just make sure to manage/edit group policies from a Windows 8.1 box (using Remote Server Administration Tools). That is regardless if you have Windows Server 2003 domain controllers or later.

This should help:

http://social.technet.microsoft.com/wiki/contents/articles/19899.how-to-update-default-apps-and-limit-access-to-windows-store.aspx

Thanks for the reply Andreas but I do not follow what you are saying? can you please be clearer.

Do you expect me to RSAT to 500 workstations individually to configure the the local GP?

Thanks I will give this a try and keep you updated.

Assuming you have 500 clients joined to a domain, regardless of what Windows version you have on the domain controllers, I'm suggesting that you create a domain group policy using the GRoup Policy Management console installed with RSAT to deploy your desired AppLocker configuration to all 500 Machines.