Awesome tutorial man. Worked like a charm for my AD!
Thanks as always Rob 👍
Great video! Can I whitelist a path? What I mean to say is, I would like a particular path that is exempt from AppLocker policies.
You can do whatever you wish with the appropriate policy.
Hey Mate. Fantastic video and some great clear explanations. Can I ask what resource you used to locate the correct OMA-URI?
docs.microsoft.com/en-us/windows/client-management/mdm/applocker-csp
Great video thanks!
Great video, exactly what I was looking for. What is the value I have to insert for msi?
Sorry? value for MSI?
I think he’s asking about the text you copied from your .xml file into the string window. You showed how to block .exe & .appx only. The .appx is 9 lines of text. To block .msi do you just use that 1 line of text?
@nvidiashield495 😎
Hey Robert, how do you deploy the Managed Installer AppLocker policy via Intune? Is there a Custom URI for this? Like "./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/Native/ManagedInstaller/Policy"? As you separate each policy. How do you deploy through Intune, the ? The documents on the MS website only mention how to deploy through GPO or running a script. Cheers mate.
I have no idea I'm sorry. Call MS.
Thanks but how would you automate the reconfiguration of the Windows Service (with Intune) so you can actually deploy this out?
Use PowerShell and the Microsoft Graph
@directorcia thanks. I created a small PowerShell script in Intune that turns on the service and sets it to automatic start. It’s working good so far.
@inlinesix6694 If u apply AppLocker via the Intune process I highlighted using the OMI URL, everything, including starting the service, is done for you. If you use Intune for AppLocker via the method I show there should be no need for additional scripting as Intune handles the lot. I would also suggest that you really should be using WDAC rather than AppLocker as that is newer technology and WDAC is what MS recommends you use.
@directorcia you are right. I tried without the PowerShell script and all is working. I was considering MDAC but just have not spent the time researching how much is involved to just block Google Chrome from installing. The AppLocker was quick and easy though for my need.
how to block installation of all exe, msi applications from running
You set the policy as shown and none will run.
@directorcia what about blocking specific .exe files only? I mean as per tutorial, which is great, and thank you for your effort... the video describes blocking all .exe files, right? And should I choose a specific .exe file it would work the same?
@Endymionem yes
Thanks for the video. Please tell me more. What conditions are needed to configure AppLocker? Ex: AD on-prem, PC joined to a domain? Or just Intune? Thank you.
You need to use something to push policy, Intune, Endpoint Manager, Group policy etc.
Hello Robert, the policy worked for me; unfortunately it's blocking MS Teams and won't allow the admin to execute MSI packages.
U can adjust the policy to accommodate Teams
@directorcia Thanks
Can we define a list of allowed software there and block all others?
Yes
Excellent video. I tried to create one, but in deployment status it is showing remediated. Do you know why?
Sorry, no idea