Windows 10: Use AppLocker to Block Microsoft Store Apps in Windows 10

Discussion in 'Windows 10 Tutorials' started by Scottyboy99, Apr 29, 2017.

  1. Use AppLocker to Block Microsoft Store Apps in Windows 10


    How to Use AppLocker to Block Microsoft Store Apps from Running in Windows 10


    dynamic-link libraries (DLLs), packaged apps, and packaged app installers.

    Packaged apps are also known as Universal Windows Platform (UWP) apps from the Microsoft Store or already included with Windows 10.

    This tutorial will show you how to use AppLocker to block specified Microsoft Store apps from running for all or specific users and groups in Windows 10 Enterprise and Windows 10 Education.

    Warning: You must be signed in as an administrator to use AppLocker.


    EXAMPLE: "This app has been blocked by your system administrator" message when any user opens a blocked app




    Here's How:

    1. Open an elevated command prompt.

    2. Copy and paste the command below into the elevated command prompt, press Enter, and close the elevated command prompt when it has finished.

    Note: This command is to make sure the Application Identity service is enabled, set to Automatic, and running. AppLocker cannot enforce rules if this service is not running.

        sc config "AppIDSvc" start=auto & net start "AppIDSvc"

    3. Open Local Security Policy (secpol.msc).

    4. Expand open Application Control Policies in the left pane of the Local Security Policy window, click/tap on AppLocker, and click/tap on the Configure rule enforcement link on the right side.

    5. Check the Configured box under Packaged app Rules, and click/tap on OK.

    6. Expand open AppLocker in the left pane of the Local Security Policy window, right click or press and hold on Packaged app Rules, and click/tap on Create Default Rules.

    Note: If this step is not done, AppLocker will block all Microsoft Store apps from running.

    7. Right click or press and hold on Packaged app Rules, and click/tap on Create New Rule.

    8. Click/tap on Next.

    9. If you would like to specify a user or group to enforce this rule on, click/tap on Select.

    Note: The default setting is Everyone for all users and groups.

    A) Click/tap on the Advanced button.

    B) Click/tap on the Find Now button.

    C) Select a user or group you want, and click/tap on OK.

    D) Click/tap on OK.

    10. Select (dot) Deny, and click/tap on Next.

    11. Select (dot) Use an installed packaged app as a reference, and click/tap on Select.

    12. Check an app (ex: "Your Phone") you want to block, and click/tap on OK.

    13. Click/tap on Next.

    14. Click/tap on Next.

    15. Click/tap on Create.

    16. Your new rule for "Packaged app Rules" will now be created.

    17. Repeat steps 7 to 16 if you would like to create another new rule to block a different Microsoft Store app (aka: packaged app) for a user or group.

    18. When finished, you can close the Local Security Policy window.


    That's it,
    Shawn


     
    Scottyboy99, Apr 29, 2017
    #1
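
    A read-only way to confirm the result of the steps above from PowerShell. This is an added example, not part of the original tutorial; it assumes an elevated Windows PowerShell session on the machine that was configured, and Resolve-Sid is a hypothetical helper name.

```powershell
# Added example: read-only check of the policy built in steps 1-18.
# Run in an elevated Windows PowerShell session on the configured machine.

# Step 2: AppLocker enforces nothing unless Application Identity is running.
$svc = Get-Service -Name AppIDSvc
"AppIDSvc status: $($svc.Status), start type: $($svc.StartType)"

# Steps 4-5: the packaged app (Appx) rule collection and its enforcement mode.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$appx = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Appx' }
if (-not $appx) { throw 'No packaged app rule collection in the effective policy.' }
"Packaged app rules enforcement mode: $($appx.EnforcementMode)"

# Hypothetical helper: resolve a rule's UserOrGroupSid to an account name.
function Resolve-Sid([string]$Sid) {
    try {
        ([Security.Principal.SecurityIdentifier]$Sid).Translate(
            [Security.Principal.NTAccount]).Value
    } catch { $Sid }   # unresolvable SIDs are shown as-is
}

# Steps 6-16: list every publisher rule with its action, scope and target app.
$rules = @($appx.FilePublisherRule | Where-Object { $_ }) | ForEach-Object {
    $c = $_.Conditions.FilePublisherCondition
    [pscustomobject]@{
        Action  = $_.Action
        Account = Resolve-Sid $_.UserOrGroupSid
        Product = $c.ProductName
        Name    = $_.Name
    }
}
$rules | Sort-Object Action | Format-Table -AutoSize

# Step 6 note: with enforcement on and no Allow rule, every packaged app is blocked.
if (-not ($rules | Where-Object Action -eq 'Allow')) {
    Write-Warning 'No Allow rule found: all Microsoft Store apps will be blocked.'
}
# Steps 10-12: at least one Deny rule should name the app chosen in step 12.
if (-not ($rules | Where-Object Action -eq 'Deny')) {
    Write-Warning 'No Deny rule found: nothing is blocked by this policy.'
}
```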
  2. John_NL Win User

    AppLocker Blocks Windows Store Apps Downloads

    It's now March 2017, this problem is dragging on since August 2015. I've installed Windows 10 Pro in total 4 times on two machines because of this issue.

    My conclusion is that some installer changes the working of AppLocker. But, Windows 10 Pro lacks the ability to change AppLocker settings (you cannot even switch on or off its identity service).

    Interestingly, the many people here on 'answers'.microsoft.com trying to answer this question all come up with the same suggestions that do not work (in my case):

    • wsreset.exe or run the troubleshooter for apps (https://support.microsoft.com/en-us...790db/run-the-troubleshooter-for-windows-apps)
    • Adjust the settings of AppLocker in Local Security Policy (in secpol.msc). This obviously does not work because Windows 10 Pro is not supposed to have AppLocker at all. AppLocker is only available in Enterprise versions.
    • Fiddle around with permission settings
    • Create c:\Windows\AppReadiness
    • Reinstall Windows 10 Pro

    The Pro in Windows 10 Pro stands for Probably: Probably you need to reinstall.

    For Microsoft (if you want to do something):

    a. The troubleshooter mentions a 'possible' problem with the Store cache. But it does not offer/is unable to do a repair

    b. Doing a hard disk chkdsk could result in a blue screen of death and a subsequent repair of Windows (to a previous version).

    c. Sometimes (at least in my current installed system), it is possible to add a new user to the system, but that user's settings are defected. That user cannot use the start-menu at all, looks like an even more serious problem there.
     
    John_NL, Oct 27, 2019
    #2
  3. JonDupe Win User
    AppLocker Blocks Windows Store Apps Downloads

    For those of you who are suffering from the AppLocker issue...

    First, to set context. AppLocker is a built in security mechanism that allows you to control (Block or Allow) "stuff" from running on your computer. In the context of Modern Apps and the Store, it does not prohibit the use of the store, rather the download, installation, and launch of Modern\Universal Applications.

    At our company we have a good number of Windows 8.1 machines in the environment. We use AppLocker to restrict the use of all unknown "Modern Apps" by creating a global Deny rule. In order for all of the "built-in" Windows apps to load correctly (at first login and on update), we had to configure the global deny rule with a wildcard(*) exceptions (you do this that have a values of "*" in the scope of the ). This is similar to a typical firewall configuration where you block everything then make your exceptions of stuff you want to allow. Once you have allowed exceptions, you need to have "allow" rules to pass through the global "deny" rule. That means that you have to create specific allow rules for the apps you want users to be able to download, install, and launch.

    We also have an allow rule for a specific user group that has '*' as the scope. This rule is necessary if you want to give certain users, such as your Desktop Admins, the ability to download, install, and run all modern apps. This was also an important piece for Developers trying to debug a modern app that they are developing. Without this rule developers will not be able to run their modern apps in Visual Studio. This all worked beautifully with Windows 8.1...along comes Windows 10...

    When we first started building Windows 10 computers, at the time it was 1511, we added new rules to allow all of the new built-in apps. Life was good...or so it seemed. What we found was that any time a modern (or universal app) was trying to update, the updates were being blocked with an 0x80073CF9 error in the store. There was also a corresponding event in the AppLocker logs about the blocked attempt.

    When 1607 came out we tested the issue again hoping that we'd find that it was magically resolved. As we started re-testing this AppLocker issue, we found that users who were in the "Allow All Apps" group were getting denied the right to "install" software by AppLocker (I put "install" in quotes intentionally). After doing some troubleshooting and testing on both 1511 and 1607, I found that on both versions the steps to install a modern app are slightly different than they were in Windows 8.1 and that AppLocker does not like the changes. In W10 and W8.1, the apps from the store are first downloaded before they are installed. In Windows 8.1, the app is downloaded under the logged-in user's context. In Windows 10, the download occurs under local SYSTEM and is then passed over to the user context to perform the install. I figured this out by looking closely at the user whom the AppLocker log was written for.

    Since "SYSTEM" is not a member of the group that is allowed to use the app (download, install, and run), the action is not allowed to pass through the deny rule exception and AppLocker stops the download process resulting in the 0x80073CF9 error. Just to prove my theory I added a test rule to allow "NT AUTHORITY\SYSTEM" and everything started working as they did in Windows 8.1. I was able to update installed apps and new apps from the store.

    Additionally, we happen to have a Microsoft consultant onsite so I had him run the same exact tests in his lab. He had the same exact issue. This was not a problem caused by a configuration or policy in our environment.

    The bottom line is that Microsoft changed the behavior of how apps are downloaded and installed from the Windows Store. This change broke the way AppLocker works. I REALLY hope that Microsoft fixes this. What I have mentioned in this post is not an acceptable workaround...I did this as a test.

    For security reasons, I HIGHLY DISCOURAGE anyone from giving "NT AUTHORITY\SYSTEM" permissions to install ANYTHING from the store.
     
    JonDupe, Oct 27, 2019
    #3
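
    The diagnosis in post #3 rests on which account the AppLocker log entry was written for. The following is an added example, not code from the thread, that summarises blocked packaged-app events by account and flags entries logged for SYSTEM; Get-AppLockerBlockSummary is a hypothetical function name, and the sample events are constructed so the block also runs on a machine with empty logs.

```powershell
# Added example: which account were the packaged-app blocks logged for?
# 8022 = packaged app blocked from running, 8025 = installation blocked.
# Get-AppLockerBlockSummary is a hypothetical name used only in this example.
function Get-AppLockerBlockSummary {
    param([Parameter(Mandatory)] [object[]] $Events)
    $Events | Where-Object { $_.Id -in 8022, 8025 } | ForEach-Object {
        $sid = "$($_.UserId)"
        $account = try {
            ([Security.Principal.SecurityIdentifier]$sid).Translate(
                [Security.Principal.NTAccount]).Value
        } catch { $sid }   # unresolvable SIDs are shown as-is
        [pscustomobject]@{
            Time     = $_.TimeCreated
            Id       = $_.Id
            Stage    = if ($_.Id -eq 8025) { 'Install' } else { 'Run' }
            Account  = $account
            IsSystem = ($sid -eq 'S-1-5-18')   # well-known SID of NT AUTHORITY\SYSTEM
        }
    }
}

# Constructed sample events (not real log data), used when the live logs are empty.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2016-09-01T10:15:00'; Id = 8025
                       UserId = 'S-1-5-18' }
    [pscustomobject]@{ TimeCreated = [datetime]'2016-09-01T10:20:00'; Id = 8022
                       UserId = 'S-1-5-21-1111111111-2222222222-3333333333-1001' }
)

# Live query of the two packaged-app AppLocker logs (needs an elevated session).
$logs = 'Microsoft-Windows-AppLocker/Packaged app-Deployment',
        'Microsoft-Windows-AppLocker/Packaged app-Execution'
$live = Get-WinEvent -FilterHashtable @{ LogName = $logs; Id = 8022, 8025 } `
            -ErrorAction SilentlyContinue
$events = if ($live) { $live } else { $sample }

# Count blocks per account and stage; install blocks logged for SYSTEM match
# the behaviour described in the post above.
Get-AppLockerBlockSummary -Events $events |
    Group-Object Account, Stage |
    Select-Object Count, Name |
    Sort-Object Count -Descending
```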
  4. Brink Win User
  5. ahmd Win User
    How to set up AppLocker restrictions on Windows 10 Pro?

    Dude, thanks for the info and sorry for my late reply. I've been bashing my head against it but I still can't make it work. I did everything like it says there but it still didn't do anything. It doesn't block anything. The only difference that I see in your tutorial is this line:

    Like I said I have Pro.
     
  6. Taurean75 Win User
    AppLocker Blocks Windows Store Apps Downloads

    That didn't fix my problem.

    As I've mentioned, Windows Store opens fine... it's just that downloads get blocked by AppLocker.
     
    Taurean75, Oct 27, 2019
    #6