Windows 10: How to unlock system settings using Applocker on Win10

Discus and support How to unlock system settings using Applocker on Win10 in Windows 10 Customization to solve the problem; Hi, All Below is the command I use to lock apps on win10. System Settings start ms-settings:is inaccessible after running it. But the System... Discussion in 'Windows 10 Customization' started by liangming2003, Mar 19, 2021.

  1. LIANGMING2003
    liangming2003 Win User

    How to unlock system settings using Applocker on Win10


    Hi, All


    Below is the command I use to lock apps on win10. System Settings start ms-settings:is inaccessible after running it.


    But the System Settings is still locked after I removing all the deny rules in secpol.msc, why?


    What should I do to just unlock System Settings and keep other app locked? Thanks.



    cmd:


    sc.exe config appidsvc start= auto 1>nul 2>nul

    Powershell -ExecutionPolicy unrestricted "Set-AppLockerPolicy -XMLPolicy .\AppLocker.xml"



    AppLocker.xml:


    <AppLockerPolicy Version="1">
    <RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
    <RuleCollection Type="Dll" EnforcementMode="NotConfigured">
    <FilePathRule Id="3737732c-99b7-41d4-9037-9cddfb0de0d0" Name="Default Rule All DLLs located in the Program Files folder" Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions>
    <FilePathCondition Path="%PROGRAMFILES%\*" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="ad2d943b-409f-4af0-ae89-b3cfe7d0c85b" Name="zipfldr.dll" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\zipfldr.dll" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="bac4b0bf-6f1b-40e8-8627-8545fa89c8b6" Name="Default Rule Microsoft Windows DLLs" Description="Allows members of the Everyone group to load DLLs located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions>
    <FilePathCondition Path="%WINDIR%\*" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="fe64f59f-6fca-45e5-a731-0f6715327c38" Name="Default Rule All DLLs" Description="Allows members of the local Administrators group to load all DLLs." UserOrGroupSid="S-1-5-32-544" Action="Allow">
    <Conditions>
    <FilePathCondition Path="*" />
    </Conditions>
    </FilePathRule>
    </RuleCollection>
    <RuleCollection Type="Exe" EnforcementMode="NotConfigured">
    <FilePublisherRule Id="5f61c356-0489-426d-aea8-3f331c94abff" Name="Signed by O=CISCO WEBEX LLC, L=SAN JOSE, S=CALIFORNIA, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions>
    <FilePublisherCondition PublisherName="O=CISCO WEBEX LLC, L=SAN JOSE, S=CALIFORNIA, C=US" ProductName="*" BinaryName="*">
    <BinaryVersionRange LowSection="*" HighSection="*" />
    </FilePublisherCondition>
    </Conditions>
    </FilePublisherRule>
    <FilePathRule Id="05b20709-3152-4cea-8911-2324f1db83b8" Name="C:\Windows\System32\ROUTE.EXE" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="C:\Windows\System32\ROUTE.EXE" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="27a2117c-0edd-47a6-83b6-153169698bbf" Name="%SYSTEM32%\ftp.exe" Description="ftp.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\ftp.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="31e0ea00-6d40-441c-8021-373ece6577c8" Name="%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="4b3bf4a0-a712-498a-bdd7-b1badfcfebd1" Name="%WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\*" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\*" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="56af19bd-9be2-45f3-b9d2-39114c1b1055" Name="%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell_ise.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="612f5074-cfc7-4c36-84ee-cb450eb7d432" Name="C:\Windows\System32\OptionalFeatures.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="C:\Windows\System32\OptionalFeatures.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="6a55d975-59b8-4734-ad03-e321ddb00404" Name="C:\Windows\SysWOW64\ROUTE.EXE" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="C:\Windows\SysWOW64\ROUTE.EXE" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="7a883dea-896b-4cc0-88d0-b8d6b080f095" Name="%SYSTEM32%\notepad.exe" Description="notepad.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\notepad.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="Default Rule All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions>
    <FilePathCondition Path="%PROGRAMFILES%\*" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="9508d499-5539-4e3a-b6d0-cc7262591b27" Name="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="9cc4948f-010d-440a-af7a-d5ed5481ee49" Name="%SYSTEM32%\osk.exe" Description="osk.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\osk.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="a34c916c-e2d0-4a45-9627-14e510408da5" Name="%SYSTEM32%\mspaint.exe" Description="mspaint.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\mspaint.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="a4da80a7-c7a9-4a10-89d5-13892c39454e" Name="%SYSTEM32%\SnippingTool.exe" Description="SnippingTool.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\SnippingTool.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="Default Rule All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
    <Conditions>
    <FilePathCondition Path="%WINDIR%\*" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="ac96c7d0-4b69-4935-8890-3189d9804cb8" Name="%SYSTEM32%\subst.exe" Description="subst.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\subst.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="b655d189-a68b-453f-b250-274b40efd59f" Name="%WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%WINDIR%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="d24190e0-4abc-49b2-89f3-04a013321f9b" Name="%PROGRAMFILES%\Windows NT\Accessories\wordpad.exe" Description="wordpad.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%PROGRAMFILES%\Windows NT\Accessories\wordpad.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="e46cf12b-7806-4598-99ea-13e8320a45ca" Name="%SYSTEM32%\msconfig.exe" Description="msconfig.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\msconfig.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="eb0b00fa-7523-4823-a189-56fe4d064818" Name="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="f8dca185-e33a-4d7b-9ef6-12ff948f37f6" Name="%WINDIR%\ImmersiveControlPanel\SystemSettings.exe" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
    <FilePathCondition Path="%WINDIR%\ImmersiveControlPanel\SystemSettings.exe" />
    </Conditions>
    </FilePathRule>
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Default Rule All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
    <Conditions>
    <FilePathCondition Path="*" />
    </Conditions>
    </FilePathRule>
    </RuleCollection>
    <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
    <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
    </AppLockerPolicy>

    :)
     
    liangming2003, Mar 19, 2021
    #1
  2. AHMD
    ahmd Win User

    How to set up AppLocker restrictions on Windows 10 Pro?

    I'm installing an office PC in a small business and I was wondering how do I enable AppLocker restrictions?

    It seems like I've set them up in the gpedit.msc console, then started up AppIdentity service (set it to auto-run) but no matter what I do, the restrictions are not enabled, even though this site says that AppLocker is supported on Windows 10 Pro.

    Any idea how to use that AppLocker on Win10?

    PS. I want to white-list which software (executables) and what types of files can be opened on that machine.
     
    ahmd, Mar 19, 2021
    #2
  3. HELLO123
    hello123 Win User
    Applocker help

    Hi all,

    Trying to configure applocker but have some questions:


    1. Configuring on our server, it can't find most of the Win10 apps under the Packaged apps option because they aren't installed on the server, is there a way to find these so I can block them? I can find the options if I edit my local group policy, would it best to configure locally then export/import to the server, would that work?


    any help will be much appreciated

    thank you
     
    hello123, Mar 19, 2021
    #3
  4. CHRISTOPHER358
    christopher358 Win User

    How to unlock system settings using Applocker on Win10

    about the applocker

    hey if anyones there....plzz....i had downloaded the Applocker app for my nokia n900.

    i hav hidden all apps excluding media player and web.

    how can i unlock all apps bcoz Applocker itself is locked

    and i hav also hid the xterminal

    plzz reply
     
    christopher358, Mar 19, 2021
    #4
Thema:

How to unlock system settings using Applocker on Win10

Loading...

  1. How to unlock system settings using Applocker on Win10 - Similar Threads - unlock system settings

  2. Applocker

    in Windows 10 Software and Apps
    Applocker: Hello I heard about applocker and how it helps to protect the PC.Should I enable applocker?Does it change the way I use my pc? https://answers.microsoft.com/en-us/windows/forum/all/applocker/40002d03-47d1-4cf4-afa6-233018750a75

  3. AppLocker issues with Win10 Enterprise.

    in Windows 10 Gaming
    AppLocker issues with Win10 Enterprise.: Hello,We are currently testing implementation of Applocker to win10 devices. The applocker configuration is delivered by GPO. Right now we are keeping things very simple buy using the "Create Default Rules" option in all, 5 categories such as Executable rules, DLL rules and...

  4. AppLocker issues with Win10 Enterprise.

    in Windows 10 Software and Apps
    AppLocker issues with Win10 Enterprise.: Hello,We are currently testing implementation of Applocker to win10 devices. The applocker configuration is delivered by GPO. Right now we are keeping things very simple buy using the "Create Default Rules" option in all, 5 categories such as Executable rules, DLL rules and...

  5. AppLocker issues with Win10 Enterprise.

    in Windows 10 Customization
    AppLocker issues with Win10 Enterprise.: Hello,We are currently testing implementation of Applocker to win10 devices. The applocker configuration is delivered by GPO. Right now we are keeping things very simple buy using the "Create Default Rules" option in all, 5 categories such as Executable rules, DLL rules and...

  6. applocker

    in Windows 10 Support
    applocker: Hi all, There is a need to implement application whitelisting in my company. We are using windows 10 pro. So I decide to explore applocker as a mean to disable files from being run. I have created the default rules and base on what I've read. "Any executable file not allowed...

  7. AppLocker blocking Windows Settings

    in Windows 10 Customization
    AppLocker blocking Windows Settings: Hi, I am using a Windows 10 Enterprise 2016 LTSB OS version 1607 OS build 14393.0 and I am trying to configure some settings for AppLocker. I have only created the basic rules, but after some time after a gpupdate I have difficulties launching the Windows Settingseven as an...

  8. Applocker

    in Windows 10 Software and Apps
    Applocker: Hi all, I disable access to IE using applocker but now its blocking all exe files on the system There is solution for this? Thanks 152683

  9. Applocker

    in Windows 10 Support
    Applocker: Hi all, I disable access to IE using applocker but now its blocking all exe files on the system There is solution for this? Thanks 152683

  10. Win10: How to set up external HDD to be used for system image backups

    in Windows 10 Support
    Win10: How to set up external HDD to be used for system image backups: How do I set up an external HDD to be used for system image backups? For example, specify how many images to keep, schedule the backup, etc. also, can I use the drive for anything else other than image copies? 20398