In one of my last blogs, I explained how to make sure access to Administrative Tools can be restricted using a GUI. This (updated) blog will show you how you could manually configure AppLocker and how to import the XML into a CSP in Intune.

What if I tell you that you can deploy a complete AppLocker policy within just a few seconds? In Part 2 of the blog, I will show you how you could automate this with PowerShell.

When we want to deploy an AppLocker policy to devices that are enrolled in Intune, we need to start by opening the Group Policy Object Editor and going to Computer Configuration/Windows Settings/Security Settings/AppLocker.

When you look at the categories, you will notice that DLL is missing. Before we proceed, we need to enable the DLL rule collection. You can do so by right-clicking the AppLocker configuration and pressing Properties.

After you have enabled the DLL collection, we need to make sure we have some default rules to start with, so right-click and press "Create default rules".

If you take a look at the AppLocker Executable rules, you will notice it contains 3 rules to make sure all Windows and Program Files folders and files are allowed for everyone, and 1 rule to be sure all files and folders are allowed for BUILTIN\Administrators. This is also your pitfall: in the default AppLocker rules, PowerShell is allowed to be executed for all users.

Before we can copy/paste the XML information into Intune, we need to export it. You will need to divide this XML into 5 parts, because if you combine them as 1 XML, Intune isn't going to accept that XML. As an example, this is the one for EXE. You will need to make sure that, for each rule, you copy-paste everything like below.

Now that we have the XMLs we need, we can create a CSP for each category. Here are the OMA-URIs you will need for each category:

- Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/EXEGroup/EXE/Policy
- Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MSIGroup/MSI/Policy
- Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/ScriptGroup/Script/Policy
- Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/DLLGroup/DLL/Policy
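To illustrate splitting the exported XML per category, here is an added example (not the author's code) that pairs each rule collection with the OMA-URI listed in this post and flags the broad Everyone path rules behind the PowerShell pitfall. It assumes each part is one whole `<RuleCollection>` element; the sample policy, rule names and Ids are constructed.

```python
import xml.etree.ElementTree as ET

# OMA-URIs exactly as listed on this page, keyed by RuleCollection Type.
BASE = "Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions"
OMA_URI = {"Exe": f"{BASE}/EXEGroup/EXE/Policy",
           "Msi": f"{BASE}/MSIGroup/MSI/Policy",
           "Script": f"{BASE}/ScriptGroup/Script/Policy",
           "Dll": f"{BASE}/DLLGroup/DLL/Policy"}
EVERYONE = "S-1-1-0"  # well-known SID of the Everyone group

def split_policy(xml_text):
    """Map each non-empty RuleCollection Type to (oma_uri, xml_fragment)."""
    parts = {}
    for rc in ET.fromstring(xml_text).findall("RuleCollection"):
        if len(rc) == 0:
            continue  # no rules in this collection, nothing to paste
        kind = rc.get("Type")
        # uri is None when this page lists no OMA-URI for that Type.
        parts[kind] = (OMA_URI.get(kind), ET.tostring(rc, encoding="unicode").strip())
    return parts

def broad_everyone_rules(fragment):
    """Names of Allow path rules that open a whole folder tree to Everyone."""
    hits = []
    for rule in ET.fromstring(fragment).findall("FilePathRule"):
        if rule.get("Action") != "Allow" or rule.get("UserOrGroupSid") != EVERYONE:
            continue
        paths = [c.get("Path", "") for c in rule.iter("FilePathCondition")]
        if any(p == "*" or p.endswith("\\*") for p in paths):
            hits.append(rule.get("Name"))
    return hits

# Constructed sample shaped like an exported policy; Ids are placeholders.
def _rule(n, name, sid, path):
    return (f'<FilePathRule Id="00000000-0000-0000-0000-00000000000{n}" Name="{name}" '
            f'Description="" UserOrGroupSid="{sid}" Action="Allow"><Conditions>'
            f'<FilePathCondition Path="{path}"/></Conditions></FilePathRule>')

SAMPLE = ('<AppLockerPolicy Version="1">'
          '<RuleCollection Type="Exe" EnforcementMode="Enabled">'
          + _rule(1, "Program Files folder", EVERYONE, r"%PROGRAMFILES%\*")
          + _rule(2, "Windows folder", EVERYONE, r"%WINDIR%\*")
          + _rule(3, "All files", "S-1-5-32-544", "*")
          + '</RuleCollection>'
          '<RuleCollection Type="Script" EnforcementMode="Enabled">'
          + _rule(4, "Windows folder scripts", EVERYONE, r"%WINDIR%\*")
          + '</RuleCollection>'
          '<RuleCollection Type="Dll" EnforcementMode="NotConfigured"/>'
          '</AppLockerPolicy>')

if __name__ == "__main__":
    for kind, (uri, fragment) in split_policy(SAMPLE).items():
        print(kind, uri, broad_everyone_rules(fragment))
```

Any rule it flags is a candidate for tightening before the fragment is pasted into the matching Intune profile.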