I am running an Intune managed network of Windows 10 computers. We have an initial APP Lockdown policy deployed by Custom OMA-URI Setting. We used the following XML file:
<RuleCollection Type="Exe" EnforcementMode="NotConfigured" >
  <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow" >
    <Conditions>
      <FilePathCondition Path="*" />
    </Conditions>
  </FilePathRule>
  <FilePathRule Id="ce9d9fd5-d765-48df-b87b-e1bafd5653ed" Name="All files" Description="Allows members of the Everyone group to run applications that are located in any folder." UserOrGroupSid="S-1-1-0" Action="Allow" >
    <Conditions>
      <FilePathCondition Path="*" />
    </Conditions>
    <Exceptions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="Microsoft® Windows® Operating System" BinaryName="CMD.EXE" >
        <BinaryVersionRange LowSection="" HighSection="" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="Microsoft® Windows® Operating System" BinaryName="POWERSHELL.EXE" >
        <BinaryVersionRange LowSection="" HighSection="" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="Microsoft® Windows® Operating System" BinaryName="POWERSHELL_ISE.EXE" >
        <BinaryVersionRange LowSection="" HighSection="" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="Microsoft® Windows® Operating System" BinaryName="REGEDIT.EXE" >
        <BinaryVersionRange LowSection="" HighSection="" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="Microsoft® Windows® Operating System" BinaryName="REG.EXE" >
        <BinaryVersionRange LowSection="" HighSection="" />
      </FilePublisherCondition>
    </Exceptions>
  </FilePathRule>
</RuleCollection>
It works fine for this XML file.
However, we would like to remove the blocking of CMD.exe from this policy. We then created another policy with this XML file but with the lines related to CMD.exe removed:
<RuleCollection Type="Exe" EnforcementMode="NotConfigured" >
  <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow" >
    <Conditions>
      <FilePathCondition Path="*" />
    </Conditions>
  </FilePathRule>
  <FilePathRule Id="ce9d9fd5-d765-48df-b87b-e1bafd5653ed" Name="All files" Description="Allows members of the Everyone group to run applications that are located in any folder." UserOrGroupSid="S-1-1-0" Action="Allow" >
    <Conditions>
      <FilePathCondition Path="*" />
    </Conditions>
    <Exceptions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="Microsoft® Windows® Operating System" BinaryName="POWERSHELL.EXE" >
        <BinaryVersionRange LowSection="" HighSection="" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="Microsoft® Windows® Operating System" BinaryName="POWERSHELL_ISE.EXE" >
        <BinaryVersionRange LowSection="" HighSection="" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="Microsoft® Windows® Operating System" BinaryName="REGEDIT.EXE" >
        <BinaryVersionRange LowSection="" HighSection="" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="Microsoft® Windows® Operating System" BinaryName="REG.EXE" >
        <BinaryVersionRange LowSection="" HighSection="" />
      </FilePublisherCondition>
    </Exceptions>
  </FilePathRule>
</RuleCollection>
We have a test device prepared by removing it from the previous old policy and applying this newly revised policy. After successful deployment, we have found out that the new policy has absolutely no effect on the test device.
It looks like now nothing is blocked for the test device. Have we missed anything? We just copied the old content to create the XML file in Notepad (in UTF-8 format) from the Intune Management GUI and deleted the several lines related to blocking CMD.exe. We saved the revised XML file and used it to create the revised policy and applied it to the test device. Can anyone help point us to some possible reasons why the revised policy does not work?
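An offline pre-deployment check for this kind of revision, added here as an example and not code from the original post or from Microsoft: it parses an AppLocker RuleCollection fragment, derives what each Allow rule effectively blocks for a SID from its Exceptions, and diffs two versions so that a copy-and-edit in Notepad can be verified before it goes into Intune. The two policies are constructed in the script to match the shape of the post's XML (same rule Ids and SIDs, trademark symbols dropped from ProductName); point it at the real files instead by reading them in with a UTF-8 encoding.

```python
import xml.etree.ElementTree as ET

PUB = "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"

def exception_xml(binary):
    # One publisher-based exception, the construct the post uses per blocked binary.
    return (f'<FilePublisherCondition PublisherName="{PUB}" '
            f'ProductName="Microsoft Windows Operating System" BinaryName="{binary}">'
            '<BinaryVersionRange LowSection="" HighSection="" /></FilePublisherCondition>')

def collection_xml(blocked, mode="NotConfigured"):
    # Constructed sample shaped like the post's RuleCollection: Allow-all for local
    # Administrators, Allow-all for Everyone with per-binary publisher exceptions.
    return (f'<RuleCollection Type="Exe" EnforcementMode="{mode}">'
            '<FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" '
            'UserOrGroupSid="S-1-5-32-544" Action="Allow">'
            '<Conditions><FilePathCondition Path="*" /></Conditions></FilePathRule>'
            '<FilePathRule Id="ce9d9fd5-d765-48df-b87b-e1bafd5653ed" Name="All files" '
            'UserOrGroupSid="S-1-1-0" Action="Allow">'
            '<Conditions><FilePathCondition Path="*" /></Conditions>'
            f'<Exceptions>{"".join(exception_xml(b) for b in blocked)}</Exceptions>'
            '</FilePathRule></RuleCollection>')

def blocked_binaries(xml_text, sid="S-1-1-0"):
    """Return (EnforcementMode, set of binaries the Allow rules for `sid` carve out
    via Exceptions). Malformed XML raises, which is itself a useful pre-flight result."""
    root = ET.fromstring(xml_text)
    if root.tag != "RuleCollection":
        raise ValueError(f"expected <RuleCollection>, got <{root.tag}>")
    blocked = set()
    for rule in root:
        if rule.get("UserOrGroupSid") != sid or rule.get("Action") != "Allow":
            continue
        for cond in rule.findall("Exceptions/*"):
            blocked.add((cond.get("BinaryName") or cond.get("Path") or "?").upper())
    return root.get("EnforcementMode"), blocked

def compare_policies(old_xml, new_xml, sid="S-1-1-0"):
    """Summarise the drift between two revisions for `sid`: what stops being blocked,
    what starts being blocked, and whether the collection's EnforcementMode changed."""
    old_mode, old_blocked = blocked_binaries(old_xml, sid)
    new_mode, new_blocked = blocked_binaries(new_xml, sid)
    return {"no_longer_blocked": sorted(old_blocked - new_blocked),
            "newly_blocked": sorted(new_blocked - old_blocked),
            "enforcement_changed": old_mode != new_mode}

OLD_POLICY = collection_xml(["CMD.EXE", "POWERSHELL.EXE", "POWERSHELL_ISE.EXE", "REGEDIT.EXE", "REG.EXE"])
NEW_POLICY = collection_xml(["POWERSHELL.EXE", "POWERSHELL_ISE.EXE", "REGEDIT.EXE", "REG.EXE"])

if __name__ == "__main__":
    print(compare_policies(OLD_POLICY, NEW_POLICY))
```

For the two constructed policies the only reported drift is that CMD.EXE is no longer blocked for Everyone, which is what the revision intended; if the script raises on the real revised file, the edit itself is the problem rather than the Intune assignment.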