Publisher|
-|Editing the hash value|In Windows XP, you could use SRP to provide custom hash values.
Beginning with Windows 7 and Windows Server 2008 R2, you can only select the file to hash, not provide the hash value.|AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and an SHA2 flat file hash for the rest.|
-|Support for different security levels|With SRP, you can specify the permissions with which an app can run. So, you can configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.
SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker does not support security levels.|
+|Editing the hash value|In Windows XP, you could use SRP to provide custom hash values.
Beginning with Windows 7 and Windows Server 2008 R2, you can only select the file to hash, and not provide the hash value.|AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and an SHA2 flat file hash for the rest.|
+|Support for different security levels|With SRP, you can specify the permissions with which an app can run. So, you can configure a rule such that Notepad always runs with restricted permissions and never with administrative privileges.
SRP on Windows Vista and earlier supported multiple security levels. On Windows 7, that list was restricted to just two levels: Disallowed and Unrestricted (Basic User translates to Disallowed).|AppLocker doesn't support security levels.|
|Manage Packaged apps and Packaged app installers.|Not supported|.appx is a valid file type which AppLocker can manage.|
|Targeting a rule to a user or a group of users|SRP rules apply to all users on a particular computer.|AppLocker rules can be targeted to a specific user or a group of users.|
-|Support for rule exceptions|SRP does not support rule exceptions.|AppLocker rules can have exceptions, which allow you to create rules such as “Allow everything from Windows except for regedit.exe”.|
-|Support for audit mode|SRP does not support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.|AppLocker supports audit mode, which allows you to test the effect of their policy in the real production environment without impacting the user experience. Once you are satisfied with the results, you can start enforcing the policy.|
-|Support for exporting and importing policies|SRP does not support policy import/export.|AppLocker supports the importing and exporting of policies. This allows you to create AppLocker policy on a sample device, test it out and then export that policy and import it back into the desired GPO.|
+|Support for rule exceptions|SRP doesn't support rule exceptions.|AppLocker rules can have exceptions, which allow you to create rules such as “Allow everything from Windows except for regedit.exe”.|
+|Support for audit mode|SRP doesn't support audit mode. The only way to test SRP policies is to set up a test environment and run a few experiments.|AppLocker supports audit mode, which allows you to test the effect of their policy in the real production environment without impacting the user experience. Once you're satisfied with the results, you can start enforcing the policy.|
+|Support for exporting and importing policies|SRP doesn't support policy import/export.|AppLocker supports the importing and exporting of policies. This support by AppLocker allows you to create AppLocker policy on a sample device, test it out and then export that policy and import it back into the desired GPO.|
|Rule enforcement|Internally, SRP rules enforcement happens in the user-mode, which is less secure.|Internally, AppLocker rules for .exe and .dll files are enforced in the kernel-mode, which is more secure than enforcing them in the user-mode.|
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
index 636ea5f18b..2751109b02 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -43,7 +43,7 @@ Local Security policy snap-in, you must be a member of the local **Administrator
The [Get-AppLockerFileInformation](/powershell/module/applocker/get-applockerfileinformation) cmdlet retrieves the AppLocker file information from a list of files or from an event log. File information that is retrieved can include publisher information, file hash information, and file path information.
-File information from an event log may not contain all of these fields. Files that are not signed do not have any publisher information.
+File information from an event log may not contain all of these fields. Files that aren't signed don't have any publisher information.
### Set AppLocker policy
@@ -62,6 +62,6 @@ list of file information.
The [Test-AppLockerPolicy](/powershell/module/applocker/test-applockerpolicy) cmdlet uses the specified AppLocker policy to test whether a specified list of files are allowed to run or not on the local device for a specific user.
-## Additional resources
+## Other resources
- For steps to perform other AppLocker policy tasks, see [Administer AppLocker](administer-applocker.md).
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
index 0274a768dd..c034755acb 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
@@ -39,7 +39,7 @@ The AppLocker log contains information about applications that are affected by A
- The rule name
- The security identifier (SID) for the user or group identified in the rule
-Review the entries in the Event Viewer to determine if any applications are not included in the rules that you automatically generated. For instance, some line-of-business apps are installed to non-standard locations, such as the root of the active drive (for example: %SystemDrive%).
+Review the entries in the Event Viewer to determine if any applications aren't included in the rules that you automatically generated. For instance, some line-of-business apps are installed to non-standard locations, such as the root of the active drive (for example: %SystemDrive%).
For info about what to look for in the AppLocker event logs, see [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md).
@@ -52,14 +52,14 @@ The following table contains information about the events that you can use to de
| Event ID | Level | Event message | Description |
| - | - | - | - |
-| 8000 | Error| Application Identity Policy conversion failed. Status *<%1> *| Indicates that the policy was not applied correctly to the computer. The status message is provided for troubleshooting purposes.|
+| 8000 | Error| Application Identity Policy conversion failed. Status *<%1> *| Indicates that the policy wasn't applied correctly to the computer. The status message is provided for troubleshooting purposes.|
| 8001 | Information| The AppLocker policy was applied successfully to this computer.| Indicates that the AppLocker policy was successfully applied to the computer.|
| 8002 | Information| *<File name> * was allowed to run.| Specifies that the .exe or .dll file is allowed by an AppLocker rule.|
-| 8003 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the .exe or .dll file would be blocked if the **Enforce rules** enforcement mode were enabled. |
-| 8004 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The .exe or .dll file cannot run.|
+| 8003 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy was enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the .exe or .dll file would be blocked if the **Enforce rules** enforcement mode were enabled. |
+| 8004 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The .exe or .dll file can't run.|
| 8005| Information| *<File name> * was allowed to run.| Specifies that the script or .msi file is allowed by an AppLocker rule.|
-| 8006 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy were enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the script or .msi file would be blocked if the **Enforce rules** enforcement mode were enabled. |
-| 8007 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The script or .msi file cannot run.|
+| 8006 | Warning| *<File name> * was allowed to run but would have been prevented from running if the AppLocker policy was enforced.| Applied only when the **Audit only** enforcement mode is enabled. Specifies that the script or .msi file would be blocked if the **Enforce rules** enforcement mode were enabled. |
+| 8007 | Error| *<File name> * was not allowed to run.| Access to *<file name>* is restricted by the administrator. Applied only when the **Enforce rules** enforcement mode is set either directly or indirectly through Group Policy inheritance. The script or .msi file can't run.|
| 8008| Error| AppLocker disabled on the SKU.| Added in Windows Server 2012 and Windows 8.|
| 8020| Information| Packaged app allowed.| Added in Windows Server 2012 and Windows 8.|
| 8021| Information| Packaged app audited.| Added in Windows Server 2012 and Windows 8.|
@@ -68,12 +68,12 @@ The following table contains information about the events that you can use to de
| 8024 | Information| Packaged app installation audited.| Added in Windows Server 2012 and Windows 8.|
| 8025 | Warning| Packaged app installation disabled.| Added in Windows Server 2012 and Windows 8.|
| 8027 | Warning| No Packaged app rule configured.| Added in Windows Server 2012 and Windows 8.|
-| 8028 | Warning | * was allowed to run but would have been prevented if the Config CI policy were enforced.| Added in Windows Server 2016 and Windows 10.|
+| 8028 | Warning | * was allowed to run but would have been prevented if the Config CI policy was enforced.| Added in Windows Server 2016 and Windows 10.|
| 8029 | Error | * was prevented from running due to Config CI policy.| Added in Windows Server 2016 and Windows 10.|
| 8030 | Information | ManagedInstaller check SUCCEEDED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|
| 8031 | Information | SmartlockerFilter detected file * being written by process * | Added in Windows Server 2016 and Windows 10.|
-| 8032 | Error | ManagedInstaller check FAILED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|
-| 8033 | Warning | ManagedInstaller check FAILED during Appid verification of * . Allowed to run due to Audit Applocker Policy. | Added in Windows Server 2016 and Windows 10.|
+| 8032 | Esrror | ManagedInstaller check FAILED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|
+| 8033 | Warning | ManagedInstaller check FAILED during Appid verification of * . Allowed to run due to Audit AppLocker Policy. | Added in Windows Server 2016 and Windows 10.|
| 8034 | Information | ManagedInstaller Script check FAILED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|
| 8035 | Error | ManagedInstaller Script check SUCCEEDED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|
| 8036 | Error | * was prevented from running due to Config CI policy | Added in Windows Server 2016 and Windows 10.|
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
index 47f5faeacd..96c1644d3a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md
@@ -37,7 +37,7 @@ You might want to deploy application control policies in Windows operating syste
## Use SRP and AppLocker in the same domain
-SRP and AppLocker use Group Policy for domain management. However, when policies are generated by SRP and AppLocker exist in the same domain, and they are applied through Group Policy, AppLocker policies take precedence over policies generated by SRP on computers that are running an operating system that supports AppLocker. For info about how inheritance in Group Policy applies to AppLocker policies and policies generated by SRP, see [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md).
+SRP and AppLocker use Group Policy for domain management. However, when policies are generated by SRP and AppLocker exist in the same domain, and they're applied through Group Policy, AppLocker policies take precedence over policies generated by SRP on computers that are running an operating system that supports AppLocker. For info about how inheritance in Group Policy applies to AppLocker policies and policies generated by SRP, see [Understand AppLocker rules and enforcement setting inheritance in Group Policy](understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md).
>**Important:** As a best practice, use separate Group Policy Objects to implement your SRP and AppLocker policies. To reduce troubleshooting issues, do not combine them in the same GPO.
@@ -45,15 +45,15 @@ The following scenario provides an example of how each type of policy would affe
| Operating system | Tellers GPO with AppLocker policy | Tellers GPO with SRP | Tellers GPO with AppLocker policy and SRP |
| - | - | - | - |
-| Windows 10, Windows 8.1, Windows 8,and Windows 7 | AppLocker policies in the GPO are applied, and they supersede any local AppLocker policies.| Local AppLocker policies supersede policies generated by SRP that are applied through the GPO. | AppLocker policies in the GPO are applied, and they supersede the policies generated by SRP in the GPO and local AppLocker policies or policies generated by SRP.|
-| Windows Vista| AppLocker policies are not applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP.AppLocker policies are not applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.|
-| Windows XP| AppLocker policies are not applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies are not applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.|
+| Windows 10, Windows 8.1, Windows 8, and Windows 7 | AppLocker policies in the GPO are applied, and they supersede any local AppLocker policies.| Local AppLocker policies supersede policies generated by SRP that are applied through the GPO. | AppLocker policies in the GPO are applied, and they supersede the policies generated by SRP in the GPO and local AppLocker policies or policies generated by SRP.|
+| Windows Vista| AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP.AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.|
+| Windows XP| AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies aren't applied.| Policies generated by SRP in the GPO are applied, and they supersede local policies generated by SRP. AppLocker policies not applied.|
>**Note:** For info about supported versions and editions of the Windows operating system, see [Requirements to use AppLocker](requirements-to-use-applocker.md).
## Test and validate SRPs and AppLocker policies that are deployed in the same environment
-Because SRPs and AppLocker policies function differently, they should not be implemented in the same GPO. This makes testing the result of the policy straightforward, which is critical to successfully controlling application usage in the organization. Configuring a testing and policy distribution system can help you understand the result of a policy. The effects of policies generated by SRP and AppLocker policies need to be tested separately and by using different tools.
+Because SRPs and AppLocker policies function differently, they shouldn't be implemented in the same GPO. This rule, when implemented, makes testing the result of the policy straightforward, which is critical to successfully controlling application usage in the organization. Configuring a testing and policy distribution system can help you understand the result of a policy. The effects of policies generated by SRP and AppLocker policies need to be tested separately and by using different tools.
### Step 1: Test the effect of SRPs
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
index 1196a83dee..dc46fa241d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md
@@ -76,10 +76,10 @@ The following table compares the application control functions of Software Restr
|User support|SRP allows users to install applications as an administrator.|AppLocker policies are maintained through Group Policy, and only the administrator of the device can update an AppLocker policy.AppLocker permits customization of error messages to direct users to a Web page for help.|
|Policy maintenance|SRP policies are updated by using the Local Security Policy snap-in or the Group Policy Management Console (GPMC).|AppLocker policies are updated by using the Local Security Policy snap-in or the GPMC.
AppLocker supports a small set of PowerShell cmdlets to aid in administration and maintenance.|
|Policy management infrastructure|To manage SRP policies, SRP uses Group Policy within a domain and the Local Security Policy snap-in for a local computer.|To manage AppLocker policies, AppLocker uses Group Policy within a domain and the Local Security Policy snap-in for a local computer.|
-|Block malicious scripts|Rules for blocking malicious scripts prevents all scripts associated with the Windows Script Host from running, except those that are digitally signed by your organization.|AppLocker rules can control the following file formats: .ps1, .bat, .cmd, .vbs, and .js. In addition, you can set exceptions to allow specific files to run.|
+|Block malicious scripts|Rules for blocking malicious scripts prevent all scripts associated with the Windows Script Host from running, except those scripts that are digitally signed by your organization.|AppLocker rules can control the following file formats: .ps1, .bat, .cmd, .vbs, and .js. In addition, you can set exceptions to allow specific files to run.|
|Manage software installation|SRP can prevent all Windows Installer packages from installing. It allows .msi files that are digitally signed by your organization to be installed.|The Windows Installer rule collection is a set of rules created for Windows Installer file types (.mst, .msi and .msp) to allow you to control the installation of files on client computers and servers.|
|Manage all software on the computer|All software is managed in one rule set. By default, the policy for managing all software on a device disallows all software on the user's device, except software that is installed in the Windows folder, Program Files folder, or subfolders.|Unlike SRP, each AppLocker rule collection functions as an allowed list of files. Only the files that are listed within the rule collection will be allowed to run. This configuration makes it easier for administrators to determine what will occur when an AppLocker rule is applied.|
-|Different policies for different users|Rules are applied uniformly to all users on a particular device.|On a device that is shared by multiple users, an administrator can specify the groups of users who can access the installed software. Using AppLocker, an administrator can specify the user to whom a specific rule should apply.|
+|Different policies for different users|Rules are applied uniformly to all users on a particular device.|On a device that is shared by multiple users, an administrator can specify the groups of users who can access the installed software. An administrator uses AppLocker to specify the user to whom a specific rule should apply.|
## Related topics
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
index 4379162473..4ad45cf9e0 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md
@@ -37,7 +37,7 @@ This topic for IT professionals describes AppLocker rule types and how to work w
| [Create a rule that uses a path condition](create-a-rule-that-uses-a-path-condition.md) | This topic for IT professionals shows how to create an AppLocker rule with a path condition.|
| [Create a rule that uses a publisher condition](create-a-rule-that-uses-a-publisher-condition.md) | This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.|
| [Create AppLocker default rules](create-applocker-default-rules.md) | This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.|
-| [Add exceptions for an AppLocker rule](configure-exceptions-for-an-applocker-rule.md) | This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.|
+| [Add exceptions for an AppLocker rule](configure-exceptions-for-an-applocker-rule.md) | This topic for IT professionals describes the steps to specify which apps can or can't run as exceptions to an AppLocker rule.|
| [Create a rule for packaged apps](create-a-rule-for-packaged-apps.md) | This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.|
| [Delete an AppLocker rule](delete-an-applocker-rule.md) | This topic for IT professionals describes the steps to delete an AppLocker rule.|
| [Edit AppLocker rules](edit-applocker-rules.md) | This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.|
@@ -49,11 +49,11 @@ The three AppLocker enforcement modes are described in the following table. The
| Enforcement mode | Description |
| - | - |
-| **Not configured** | This is the default setting which means that the rules defined here will be enforced unless a linked GPO with a higher precedence has a different value for this setting.|
+| **Not configured** | This is the default setting, which means that the rules defined here will be enforced unless a linked GPO with a higher precedence has a different value for this setting.|
| **Enforce rules** | Rules are enforced.|
-| **Audit only** | Rules are audited but not enforced. When a user runs an app that is affected by an AppLocker rule, the app is allowed to run and the info about the app is added to the AppLocker event log. The Audit-only enforcement mode helps you determine which apps will be affected by the policy before the policy is enforced. When the AppLocker policy for a rule collection is set to **Audit only**, rules for that rule collection are not enforced|
+| **Audit only** | Rules are audited but not enforced. When a user runs an app that is affected by an AppLocker rule, the app is allowed to run and the info about the app is added to the AppLocker event log. The Audit-only enforcement mode helps you determine which apps will be affected by the policy before the policy is enforced. When the AppLocker policy for a rule collection is set to **Audit only**, rules for that rule collection aren't enforced|
-When AppLocker policies from various GPOs are merged, the rules from all the GPOs are merged and the enforcement mode setting of the winning GPO is applied.
+When AppLocker policies from various GPOs are merged, the rules from all the GPOs are merged, and the enforcement mode setting of the winning GPO is applied.
## Rule collections
The AppLocker console is organized into rule collections, which are executable files, scripts, Windows Installer files, packaged apps and packaged app installers, and DLL files. These collections give you an easy way to differentiate the rules for different types of apps. The following table lists the file formats that are included in each rule collection.
@@ -70,9 +70,9 @@ The AppLocker console is organized into rule collections, which are executable f
When DLL rules are used, AppLocker must check each DLL that an application loads. Therefore, users may experience a reduction in performance if DLL rules are used.
-The DLL rule collection is not enabled by default. To learn how to enable the DLL rule collection, see [DLL rule collections](#bkmk-dllrulecollections).
+The DLL rule collection isn't enabled by default. To learn how to enable the DLL rule collection, see [DLL rule collections](#bkmk-dllrulecollections).
-EXE rules apply to portable executable (PE) files. AppLocker checks whether a file is a valid PE file, rather than just applying rules based on file extension, which attackers can easily change. Regardless of the file extension, the AppLocker EXE rule collection will work on a file as long as it is a valid PE file.
+EXE rules apply to portable executable (PE) files. AppLocker checks whether a file is a valid PE file, rather than just applying rules based on file extension, which attackers can easily change. Regardless of the file extension, the AppLocker EXE rule collection will work on a file as long as it's a valid PE file.
## Rule conditions
@@ -84,13 +84,13 @@ Rule conditions are criteria that help AppLocker identify the apps to which the
### Publisher
-This condition identifies an app based on its digital signature and extended attributes when available. The digital signature contains info about the company that created the app (the publisher). Executable files, dlls, Windows installers, packaged apps and packaged app installers also have extended attributes, which are obtained from the binary resource. In case of executable files, dlls and Windows installers, these attributes contain the name of the product that the file is a part of, the original name of the file as supplied by the publisher, and the version number of the file. In case of packaged apps and packaged app installers, these extended attributes contain the name and the version of the app package.
+This condition identifies an app based on its digital signature and extended attributes when available. The digital signature contains info about the company that created the app (the publisher). Executable files, dlls, Windows installers, packaged apps and packaged app installers also have extended attributes, which are obtained from the binary resource. If there's executable files, dlls and Windows installers, these attributes contain the name of the product that the file is a part of, the original name of the file as supplied by the publisher, and the version number of the file. If there are packaged apps and packaged app installers, these extended attributes contain the name and the version of the app package.
> **Note:** Rules created in the packaged apps and packaged app installers rule collection can only have publisher conditions since Windows does not support unsigned packaged apps and packaged app installers.
>
> **Note:** Use a publisher rule condition when possible because they can survive app updates as well as a change in the location of files.
-When you select a reference file for a publisher condition, the wizard creates a rule that specifies the publisher, product, file name, and version number. You can make the rule more generic by moving the slider up or by using a wildcard character (\*) in the product, file name, or version number fields.
+When you select a reference file for a publisher condition, the wizard creates a rule that specifies the publisher, product, file name, and version number. You can make the rule more generic by moving up the slider or by using a wildcard character (\*) in the product, file name, or version number fields.
>**Note:** To enter custom values for any of the fields of a publisher rule condition in the Create Rules Wizard, you must select the **Use custom values** check box. When this check box is selected, you cannot use the slider.
@@ -108,8 +108,8 @@ The following table describes how a publisher condition is applied.
| **All signed files** | All files that are signed by any publisher.|
| **Publisher only**| All files that are signed by the named publisher.|
| **Publisher and product name**| All files for the specified product that are signed by the named publisher.|
-| **Publisher and product name, and file name**| Any version of the named file or package for the named product that are signed by the publisher.|
-| **Publisher, product name, file name, and file version**| **Exactly**
The specified version of the named file or package for the named product that are signed by the publisher.|
+| **Publisher and product name, and file name**| Any version of the named file or package for the named product that is signed by the publisher.|
+| **Publisher, product name, file name, and file version**| **Exactly**
The specified version of the named file or package for the named product that is signed by the publisher.|
| **Publisher, product name, file name, and file version**| **And above**
The specified version of the named file or package and any new releases for the product that are signed by the publisher.|
| **Publisher, product name, file name, and file version**| **And below**
The specified version of the named file or package and any earlier versions for the product that are signed by the publisher.|
| **Custom**| You can edit the **Publisher**, **Product name**, **File name**, **Version** **Package name**, and **Package version** fields to create a custom rule.|
@@ -184,13 +184,13 @@ A rule can be configured to use allow or deny actions:
## Rule exceptions
-You can apply AppLocker rules to individual users or to a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an app, you can create a special rule for that subset. For example, the rule "Allow everyone to run Windows except Registry Editor" allows everyone in the organization to run the Windows operating system, but it does not allow anyone to run Registry Editor.
+You can apply AppLocker rules to individual users or to a group of users. If you apply a rule to a group of users, all users in that group are affected by that rule. If you need to allow a subset of a user group to use an app, you can create a special rule for that subset. For example, the rule "Allow everyone to run Windows except Registry Editor" allows everyone in the organization to run the Windows operating system, but it doesn't allow anyone to run Registry Editor.
-The effect of this rule would prevent users such as Help Desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Help Desk user group: "Allow Help Desk to run Registry Editor." If you create a deny rule that does not allow any users to run Registry Editor, the deny rule will override the second rule that allows the Help Desk user group to run Registry Editor.
+The effect of this rule would prevent users such as Help Desk personnel from running a program that is necessary for their support tasks. To resolve this problem, create a second rule that applies to the Help Desk user group: "Allow Help Desk to run Registry Editor." If you create a deny rule that doesn't allow any users to run Registry Editor, the deny rule will override the second rule that allows the Help Desk user group to run Registry Editor.
## DLL rule collection
-Because the DLL rule collection is not enabled by default, you must perform the following procedure before you can create and enforce DLL rules.
+Because the DLL rule collection isn't enabled by default, you must perform the following procedure before you can create and enforce DLL rules.
Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
@@ -208,21 +208,21 @@ Membership in the local **Administrators** group, or equivalent, is the minimum
You can create rules by using two AppLocker wizards:
1. The Create Rules Wizard enables you to create one rule at a time.
-2. The Automatically Generate Rules Wizard allows you to create multiple rules at one time. You can either select a folder and let the wizard create rules for the relevant files within that folder or in case of packaged apps let the wizard create rules for all packaged apps installed on the computer. You can also specify the user or group to which to apply the rules. This wizard automatically generates allow rules only.
+2. The Automatically Generate Rules Wizard allows you to create multiple rules at one time. You can either select a folder and let the wizard create rules for the relevant files within that folder or if there are packaged apps let the wizard create rules for all packaged apps installed on the computer. You can also specify the user or group to which to apply the rules. This wizard automatically generates allow rules only.
-## Additional considerations
+## Other considerations
-- By default, AppLocker rules do not allow users to open or run any files that are not specifically allowed. Administrators should maintain an up-to-date list of allowed applications.
-- There are two types of AppLocker conditions that do not persist following an update of an app:
+- By default, AppLocker rules don't allow users to open or run any files that aren't allowed. Administrators should maintain an up-to-date list of allowed applications.
+- There are two types of AppLocker conditions that don't persist following an update of an app:
- **A file hash condition** File hash rule conditions can be used with any app because a cryptographic hash value of the app is generated at the time the rule is created. However, the hash value is specific to that exact version of the app. If there are several versions of the application in use within the organization, you need to create file hash conditions for each version in use and for any new versions that are released.
- - **A publisher condition with a specific product version set** If you create a publisher rule condition that uses the **Exactly** version option, the rule cannot persist if a new version of the app is installed. A new publisher condition must be created, or the version must be edited in the rule to be made less specific.
+ - **A publisher condition with a specific product version set** If you create a publisher rule condition that uses the **Exactly** version option, the rule can't persist if a new version of the app is installed. A new publisher condition must be created, or the version must be edited in the rule to be made less specific.
-- If an app is not digitally signed, you cannot use a publisher rule condition for that app.
-- AppLocker rules cannot be used to manage computers running a Windows operating system earlier than Windows Server 2008 R2 or Windows 7. Software Restriction Policies must be used instead. If AppLocker rules are defined in a Group Policy Object (GPO), only those rules are applied. To ensure interoperability between Software Restriction Policies rules and AppLocker rules, define Software Restriction Policies rules and AppLocker rules in different GPOs.
+- If an app isn't digitally signed, you can't use a publisher rule condition for that app.
+- AppLocker rules can't be used to manage computers running a Windows operating system earlier than Windows Server 2008 R2 or Windows 7. Software Restriction Policies must be used instead. If AppLocker rules are defined in a Group Policy Object (GPO), only those rules are applied. To ensure interoperability between Software Restriction Policies rules and AppLocker rules, define Software Restriction Policies rules and AppLocker rules in different GPOs.
- The packaged apps and packaged apps installer rule collection is available on devices running at least Windows Server 2012 and Windows 8.
-- When the rules for the executable rule collection are enforced and the packaged apps and packaged app installers rule collection does not contain any rules, no packaged apps and packaged app installers are allowed to run. In order to allow any packaged apps and packaged app installers, you must create rules for the packaged apps and packaged app installers rule collection.
-- When an AppLocker rule collection is set to **Audit only**, the rules are not enforced. When a user runs an application that is included in the rule, the app is opened and runs normally, and information about that app is added to the AppLocker event log.
+- When the rules for the executable rule collection are enforced and the packaged apps and packaged app installers rule collection doesn't contain any rules, no packaged apps and packaged app installers are allowed to run. In order to allow any packaged apps and packaged app installers, you must create rules for the packaged apps and packaged app installers rule collection.
+- When an AppLocker rule collection is set to **Audit only**, the rules aren't enforced. When a user runs an application that is included in the rule, the app is opened and runs normally, and information about that app is added to the AppLocker event log.
- A custom configured URL can be included in the message that is displayed when an app is blocked.
-- Expect an increase in the number of Help Desk calls initially because of blocked apps until users understand that they cannot run apps that are not allowed.
+- Expect an increase in the number of Help Desk calls initially because of blocked apps until users understand that they can't run apps that aren't allowed.
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
index 839aa3a791..ec6a1a8178 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -33,7 +33,7 @@ Windows 10 (version 1703) introduced a new option for Windows Defender Applicati
## How does a managed installer work?
-Managed installer uses a special rule collection in **AppLocker** to designate binaries that are trusted by your organization as an authorized source for application installation. When one of these trusted binaries runs, Windows monitors the binary's process (and processes it launches) and watches for files being written to disk. As files are written, they are tagged as originating from a managed installer.
+Managed installer uses a special rule collection in **AppLocker** to designate binaries that are trusted by your organization as an authorized source for application installation. When one of these trusted binaries runs, Windows monitors the binary's process (and processes it launches) and watches for files being written to disk. As files are written, they're tagged as originating from a managed installer.
You can then configure WDAC to trust files that are installed by a managed installer by adding the "Enabled:Managed Installer" option to your WDAC policy. When that option is set, WDAC will check for managed installer origin information when determining whether or not to allow a binary to run. As long as there are no deny rules for the binary, WDAC will allow it to run based purely on its managed installer origin.
@@ -45,7 +45,7 @@ Users with administrator privileges, or malware running as an administrator user
If a managed installer process runs in the context of a user with standard privileges, then it's possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control.
-Some application installers may automatically run the application at the end of the installation process. If this happens when the installer is run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files that are created during the first run of the application. This could result in unintentional authorization of an executable. To avoid that, ensure that the method of application deployment that is used as a managed installer limits running applications as part of installation.
+Some application installers may automatically run the application at the end of the installation process. If this execution of the application happens when the installer is run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files that are created during the first run of the application. This extension could result in unintentional authorization of an executable. To avoid that, ensure that the method of application deployment that is used as a managed installer limits running applications as part of installation.
## Known limitations with managed installer
@@ -66,11 +66,11 @@ To turn on managed installer tracking, you must:
### Create and deploy an AppLocker policy that defines your managed installer rules and enables services enforcement for executables and DLLs
-Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerShell cmdlets allow for directly specifying rules for the Managed Installer rule collection. However, you can use an XML or text editor to convert an EXE rule collection policy into a ManagedInstaller rule collection.
+Currently, both the AppLocker policy creation UI in GPO Editor and the PowerShell cmdlets allow for directly specifying rules for the Managed Installer rule collection. However, you can use an XML or text editor to convert an EXE rule collection policy into a ManagedInstaller rule collection.
> [!NOTE]
> Only EXE file types can be designated as managed installers.
-1. Use [New-AppLockerPolicy](/powershell/module/applocker/new-applockerpolicy?view=win10-ps&preserve-view=true) to make an EXE rule for the file you are designating as a managed installer. This example creates a rule for Microsoft's Intune Management Extension using the Publisher rule type, but any AppLocker rule type can be used. You may need to reformat the output for readability.
+1. Use [New-AppLockerPolicy](/powershell/module/applocker/new-applockerpolicy?view=win10-ps&preserve-view=true) to make an EXE rule for the file you're designating as a managed installer. This example creates a rule for Microsoft's Intune Management Extension using the Publisher rule type, but any AppLocker rule type can be used. You may need to reformat the output for readability.
```powershell
Get-ChildItem ${env:ProgramFiles(x86)}'\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe' | Get-AppLockerFileInformation | New-AppLockerPolicy -RuleType Publisher -User Everyone -Xml > AppLocker_MI_PS_ISE.xml
@@ -125,7 +125,7 @@ Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerS
```
-4. Verify your AppLocker policy. The following example shows a complete AppLocker policy that sets Configuration Manager and Microsoft Endpoint Manager Intune as managed installers. Only those AppLocker rule collections that have actual rules defined are included in the final XML. This ensures the policy will merge successfully on devices which may already have an AppLocker policy in place.
+4. Verify your AppLocker policy. The following example shows a complete AppLocker policy that sets Configuration Manager and Microsoft Endpoint Manager Intune as managed installers. Only those AppLocker rule collections that have actual rules defined are included in the final XML. This condition-based inclusion ensures the policy will merge successfully on devices that may already have an AppLocker policy in place.
```xml
@@ -205,7 +205,7 @@ Currently, neither the AppLocker policy creation UI in GPO Editor nor the PowerS
## Enable the managed installer option in WDAC policy
In order to enable trust for the binaries laid down by managed installers, the "Enabled: Managed Installer" option must be specified in your WDAC policy.
-This can be done by using the [Set-RuleOption cmdlet](/powershell/module/configci/set-ruleoption) with Option 13.
+This setting can be defined by using the [Set-RuleOption cmdlet](/powershell/module/configci/set-ruleoption) with Option 13.
Below are steps to create a WDAC policy that allows Windows to boot and enables the managed installer option.
@@ -232,7 +232,7 @@ Below are steps to create a WDAC policy that allows Windows to boot and enables
## Remove Managed Installer feature
-To remove the Managed Installer feature from the device, you will need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems).
+To remove the Managed Installer feature from the device, you'll need to remove the Managed Installer AppLocker policy from the device by following the instructions at [Delete an AppLocker rule: Clear AppLocker policies on a single system or remote systems](applocker/delete-an-applocker-rule.md#to-clear-applocker-policies-on-a-single-system-or-remote-systems).
## Related articles
From 7978790d0b42c0d7533fdf9c76ece2b9808eb545 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika
Date: Mon, 25 Jul 2022 12:21:31 +0530
Subject: [PATCH 3/6] made changes to language
---
.../monitor-application-usage-with-applocker.md | 10 +++++-----
...uthorized-apps-deployed-with-a-managed-installer.md | 2 +-
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
index 0545d013ef..8ffba58478 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
@@ -41,25 +41,25 @@ You can evaluate how the AppLocker policy is currently implemented for documenta
When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited. When AppLocker policy enforcement is set to **Audit only**, rules aren't enforced but are still evaluated to generate audit event data that is written to the AppLocker logs.
- For information on the procedure to access the log, see [View the AppLocker Log in Event Viewer](#bkmk-applkr-view-log).
+ For more information on the procedure to access the log, see [View the AppLocker Log in Event Viewer](#bkmk-applkr-view-log).
- **Enable the Audit only AppLocker enforcement setting**
By using the **Audit only** enforcement setting, you can ensure that the AppLocker rules are properly configured for your organization. When AppLocker policy enforcement is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log.
- For information on the procedure to do this configuration, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md).
+ For more information on the procedure to do this configuration, see [Configure an AppLocker policy for audit only](configure-an-applocker-policy-for-audit-only.md).
- **Review AppLocker events with Get-AppLockerFileInformation**
For both event subscriptions and local events, you can use the **Get-AppLockerFileInformation** Windows PowerShell cmdlet to determine which files have been blocked or would have been blocked (if you're using the audit-only enforcement mode) and how many times the event has occurred for each file.
- For information on the procedure to do this verification, see [Review AppLocker Events with Get-AppLockerFileInformation](#bkmk-applkr-review-events).
+ For more information on the procedure to do this verification, see [Review AppLocker Events with Get-AppLockerFileInformation](#bkmk-applkr-review-events).
- **Review AppLocker events with Test-AppLockerPolicy**
You can use the **Test-AppLockerPolicy** Windows PowerShell cmdlet to determine whether any of the rules in your rule collections will be blocked on your reference device or the device on which you maintain policies.
- For information on the procedure to do this testing, see [Test an AppLocker policy by using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md).
+ For more information on the procedure to do this testing, see [Test an AppLocker policy by using Test-AppLockerPolicy](test-an-applocker-policy-by-using-test-applockerpolicy.md).
### Review AppLocker events with Get-AppLockerFileInformation
@@ -93,7 +93,7 @@ Membership in the local **Administrators** group, or equivalent, is the minimum
**To view events in the AppLocker log by using Event Viewer**
-1. Open Event Viewer by clicking **Start**, typing **eventvwr.msc**, and then pressing ENTER.
+1. To open Event Viewer, go to the **Start**, type **eventvwr.msc**, and then select ENTER.
2. In the console tree under **Application and Services Logs\\Microsoft\\Windows**, double-click **AppLocker**.
AppLocker events are listed in either the **EXE and DLL** log, the **MSI and Script** log, or the **Packaged app-Deployment** or **Packaged app-Execution** log. Event information includes the enforcement setting, file name, date and time, and user name. The logs can be exported to other file
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
index ec6a1a8178..21091a96b4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -45,7 +45,7 @@ Users with administrator privileges, or malware running as an administrator user
If a managed installer process runs in the context of a user with standard privileges, then it's possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control.
-Some application installers may automatically run the application at the end of the installation process. If this execution of the application happens when the installer is run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files that are created during the first run of the application. This extension could result in unintentional authorization of an executable. To avoid that, ensure that the method of application deployment that is used as a managed installer limits running applications as part of installation.
+Some application installers may automatically run the application at the end of the installation process. If the application runs, and the installer was run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files that are created during the first run of the application. This extension could result in unintentional authorization of an executable. To avoid that, ensure that the method of application deployment that is used as a managed installer limits running applications as part of installation.
## Known limitations with managed installer
From 5e2a0ebace67caa46c4e345687b5b40a2633e302 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika
Date: Mon, 25 Jul 2022 12:22:16 +0530
Subject: [PATCH 4/6] Update
configure-authorized-apps-deployed-with-a-managed-installer.md
---
...nfigure-authorized-apps-deployed-with-a-managed-installer.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
index 21091a96b4..4a69a73487 100644
--- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md
@@ -45,7 +45,7 @@ Users with administrator privileges, or malware running as an administrator user
If a managed installer process runs in the context of a user with standard privileges, then it's possible that standard users or malware running as standard user may be able to circumvent the intent of Windows Defender Application Control.
-Some application installers may automatically run the application at the end of the installation process. If the application runs, and the installer was run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files that are created during the first run of the application. This extension could result in unintentional authorization of an executable. To avoid that, ensure that the method of application deployment that is used as a managed installer limits running applications as part of installation.
+Some application installers may automatically run the application at the end of the installation process. If the application runs automatically, and the installer was run by a managed installer, then the managed installer's heuristic tracking and authorization will extend to all files that are created during the first run of the application. This extension could result in unintentional authorization of an executable. To avoid that, ensure that the method of application deployment that is used as a managed installer limits running applications as part of installation.
## Known limitations with managed installer
From 25f518eb782dfce6435eb5e3f096e4b55c3e3649 Mon Sep 17 00:00:00 2001
From: Siddarth Mandalika
Date: Mon, 25 Jul 2022 13:50:34 +0530
Subject: [PATCH 5/6] Update monitor-application-usage-with-applocker.md
---
.../applocker/monitor-application-usage-with-applocker.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
index 8ffba58478..2a7f113724 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/monitor-application-usage-with-applocker.md
@@ -93,7 +93,7 @@ Membership in the local **Administrators** group, or equivalent, is the minimum
**To view events in the AppLocker log by using Event Viewer**
-1. To open Event Viewer, go to the **Start**, type **eventvwr.msc**, and then select ENTER.
+1. To open Event Viewer, go to the **Start** menu, type **eventvwr.msc**, and then select ENTER.
2. In the console tree under **Application and Services Logs\\Microsoft\\Windows**, double-click **AppLocker**.
AppLocker events are listed in either the **EXE and DLL** log, the **MSI and Script** log, or the **Packaged app-Deployment** or **Packaged app-Execution** log. Event information includes the enforcement setting, file name, date and time, and user name. The logs can be exported to other file
From 51d2581c901a48285a07553ab9b7a3c91c5662de Mon Sep 17 00:00:00 2001
From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com>
Date: Wed, 3 Aug 2022 10:21:54 -0500
Subject: [PATCH 6/6] Update
windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
---
.../applocker/using-event-viewer-with-applocker.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
index c034755acb..59111cd93d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/using-event-viewer-with-applocker.md
@@ -72,7 +72,7 @@ The following table contains information about the events that you can use to de
| 8029 | Error | * was prevented from running due to Config CI policy.| Added in Windows Server 2016 and Windows 10.|
| 8030 | Information | ManagedInstaller check SUCCEEDED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|
| 8031 | Information | SmartlockerFilter detected file * being written by process * | Added in Windows Server 2016 and Windows 10.|
-| 8032 | Esrror | ManagedInstaller check FAILED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|
+| 8032 | Error | ManagedInstaller check FAILED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|
| 8033 | Warning | ManagedInstaller check FAILED during Appid verification of * . Allowed to run due to Audit AppLocker Policy. | Added in Windows Server 2016 and Windows 10.|
| 8034 | Information | ManagedInstaller Script check FAILED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|
| 8035 | Error | ManagedInstaller Script check SUCCEEDED during Appid verification of * | Added in Windows Server 2016 and Windows 10.|