AppLocker CSP forces reboot during OOBE

2025-06-22 22:03:46 +00:00 · 2020-04-29 16:26:13 -07:00
parent 5fbaa60557
commit 7868aebb5b
2 changed files with 8 additions and 3 deletions
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@ -34,6 +34,8 @@ Defines restrictions for applications.
 >
 > Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node.

+> [!NOTE]
+> Deploying policies via the AppLocker CSP will force a reboot during OOBE.

 Additional information:

@ -1754,7 +1756,7 @@ In this example, Contoso is the node name. We recommend using a GUID for this no
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="WINWORD.EXE">
          <BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
        </FilePublisherCondition>
-      </Exceptions>	
+      </Exceptions>    
  </FilePublisherRule>
  <FilePublisherRule Id="de9f3461-6856-405d-9624-a80ca701f6cb" Name="MICROSOFT OFFICE 2003, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>