CSP do AppLocker
A tabela a seguir mostra a aplicabilidade de Windows:
| Edição | Windows 10 | Windows 11 |
|---|---|---|
| Home | Sim | Sim |
| Pro | Sim | Sim |
| Windows SE | Não | Sim |
| Negócios | Sim | Sim |
| Enterprise | Sim | Sim |
| Educação | Sim | Sim |
O provedor de serviços de configuração do AppLocker é usado para especificar quais aplicativos são permitidos ou não permitidos. Não há nenhuma interface do usuário mostrada para aplicativos bloqueados.
O exemplo a seguir mostra o provedor de serviços de configuração do AppLocker no formato de árvore.
./Vendor/MSFT
AppLocker
----ApplicationLaunchRestrictions
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------MSI
----------------Policy
----------------EnforcementMode
------------Script
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
------------DLL
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------CodeIntegrity
----------------Policy
----EnterpriseDataProtection
--------Grouping
------------EXE
----------------Policy
------------StoreApps
----------------Policy
----LaunchControl
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
----FamilySafety
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
./Vendor/MSFT/AppLocker
Define o nó raiz para o provedor de serviços de configuração do AppLocker.
AppLocker/ApplicationLaunchRestrictions
Define restrições para aplicativos.
Observação
Quando você cria uma lista de aplicativos permitidos, todos os aplicativos da caixa de entrada também são bloqueados e você deve incluí-los em sua lista de aplicativos permitidos. Não se esqueça de adicionar os aplicativos de caixa de entrada para Telefone, Mensagens, Configurações, Iniciar, Email e contas, Trabalho e escola e outros aplicativos de que você precisa.
Não há suporte para exclusão/cancelamento de registro, a menos que os valores de agrupamento sejam exclusivos entre registros. Se vários registros usarem o mesmo valor de Agrupamento, o cancelamento do registro não funcionará conforme o esperado, pois há URIs duplicados que são excluídos pelo gerenciador de recursos. Para evitar esse problema, o valor agrupamento deve incluir alguma aleatoriedade. A melhor prática é usar um GUID gerado aleatoriamente. No entanto, não há nenhum requisito no valor exato do nó.
Observação
O CSP do AppLocker agendará uma reinicialização quando uma política for aplicada ou quando ocorrer uma exclusão usando o URI AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy.
AppLocker/ApplicationLaunchRestrictions/Grouping
Nós de agrupamento são nós dinâmicos e pode haver qualquer número deles para um determinado registro (ou um determinado contexto). Os identificadores reais são selecionados pelo ponto de extremidade de gerenciamento, cujo trabalho é determinar qual é sua finalidade e não entrar em conflito com outros identificadores que eles definem.
Diferentes registros e contextos podem usar o mesmo identificador de autoridade, mesmo que muitos desses identificadores estejam ativos ao mesmo tempo.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/EXE
Define restrições para iniciar aplicativos executáveis.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/EXE/Policy
Os nós de política definem a política para iniciar executáveis, Windows arquivos do instalador, scripts, aplicativos da loja e arquivos DLL. O conteúdo de um determinado nó de política é precisamente o formato XML para um nó RuleCollection na política XML do AppLocker correspondente.
O tipo de dados é cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/EXE/EnforcementMode
O nó EnforcementMode para Windows Proteção de Informações (anteriormente conhecido como Enterprise Proteção de Dados) não afeta o comportamento de EnterpriseDataProtection. O EDPEnforcementLevel do CSP de Política deve ser usado para habilitar e desabilitar Windows Proteção de Informações (anteriormente conhecido como proteção de Enterprise dados).
O tipo de dados é uma cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/EXE/NonInteractiveProcessEnforcement
O tipo de dados é uma cadeia de caracteres.
As operações com suporte são adicionar, excluir, obter e substituir.
AppLocker/ApplicationLaunchRestrictions/Grouping/MSI
Define restrições para executar arquivos Windows Instalador.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/MSI/Policy
Os nós de política definem a política para iniciar executáveis, Windows arquivos do instalador, scripts, aplicativos da loja e arquivos DLL. O conteúdo de um determinado nó de política é precisamente o formato XML para um nó RuleCollection na política XML do AppLocker correspondente.
O tipo de dados é cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/MSI/EnforcementMode
O nó EnforcementMode para Windows Proteção de Informações (anteriormente conhecido como Enterprise Proteção de Dados) não afeta o comportamento de EnterpriseDataProtection. O EDPEnforcementLevel do CSP de Política deve ser usado para habilitar e desabilitar Windows Proteção de Informações (anteriormente conhecido como proteção de Enterprise dados).
O tipo de dados é uma cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/Script
Define restrições para executar scripts.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/Script/Policy
Os nós de política definem a política para iniciar executáveis, Windows arquivos do instalador, scripts, aplicativos da loja e arquivos DLL. O conteúdo de um determinado nó de política é precisamente o formato XML para um nó RuleCollection na política XML do AppLocker correspondente.
O tipo de dados é cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/Script/EnforcementMode
O nó EnforcementMode para Windows Proteção de Informações (anteriormente conhecido como Enterprise Proteção de Dados) não afeta o comportamento de EnterpriseDataProtection. O EDPEnforcementLevel do CSP de Política deve ser usado para habilitar e desabilitar Windows Proteção de Informações (anteriormente conhecido como proteção de Enterprise dados).
O tipo de dados é uma cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps
Define restrições para executar aplicativos do Microsoft Store.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/Policy
Os nós de política definem a política para iniciar executáveis, Windows arquivos do instalador, scripts, aplicativos da loja e arquivos DLL. O conteúdo de um determinado nó de política é precisamente o formato XML para um nó RuleCollection na política XML do AppLocker correspondente.
O tipo de dados é cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/EnforcementMode
O nó EnforcementMode para Windows Proteção de Informações (anteriormente conhecido como Enterprise Proteção de Dados) não afeta o comportamento de EnterpriseDataProtection. O EDPEnforcementLevel do CSP de Política deve ser usado para habilitar e desabilitar Windows Proteção de Informações (anteriormente conhecido como proteção de Enterprise dados).
O tipo de dados é uma cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/DLL
Define restrições para processar arquivos DLL.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/DLL/Policy
Os nós de política definem a política para iniciar executáveis, Windows arquivos do instalador, scripts, aplicativos da loja e arquivos DLL. O conteúdo de um determinado nó de política é precisamente o formato XML para um nó RuleCollection na política XML do AppLocker correspondente.
O tipo de dados é cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/DLL/EnforcementMode
O nó EnforcementMode para Windows Proteção de Informações (anteriormente conhecido como Enterprise Proteção de Dados) não afeta o comportamento de EnterpriseDataProtection. O EDPEnforcementLevel do CSP de Política deve ser usado para habilitar e desabilitar Windows Proteção de Informações (anteriormente conhecido como proteção de Enterprise dados).
O tipo de dados é uma cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/DLL/NonInteractiveProcessEnforcement
O tipo de dados é uma cadeia de caracteres.
As operações com suporte são adicionar, excluir, obter e substituir.
AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity
Esse nó só tem suporte na área de trabalho.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy
Os nós de política definem a política para iniciar executáveis, Windows arquivos do instalador, scripts, aplicativos da loja e arquivos DLL. O conteúdo de um determinado nó de política é precisamente o formato XML para um nó RuleCollection na política XML do AppLocker correspondente.
O tipo de dados é Base64.
As operações com suporte são Get, Add, Delete e Replace.
Observação
Para usar a Política de Integridade de Código, primeiro você precisa converter as políticas em formato binário usando o ConvertFrom-CIPolicy cmdlet. Em seguida, um blob codificado em Base64 da representação de política binária deve ser criado (por exemplo, usando a ferramenta de linha de comando certutil -encode ) e adicionado ao Applocker-CSP.
AppLocker/EnterpriseDataProtection
Captura a lista de aplicativos que têm permissão para lidar com dados corporativos. Deve ser usado com as configurações em ./Device/Vendor/MSFT/EnterpriseDataProtection no CSP EnterpriseDataProtection.
No Windows 10, versão 1607, o Windows Proteção de Informações tem um conceito para aplicativos permitidos e isentos. Os aplicativos permitidos podem acessar dados corporativos e os dados manipulados por esses aplicativos são protegidos com criptografia. Os aplicativos isentos também podem acessar dados corporativos, mas os dados manipulados por esses aplicativos não estão protegidos. Isso ocorre porque alguns aplicativos empresariais críticos podem ter problemas de compatibilidade com dados criptografados.
Você pode definir a lista de permissões usando o seguinte URI:
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/EXE/Policy
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/StoreApps/Policy
Você pode definir a lista isenta usando o URI a seguir. A cadeia de caracteres agrupamento deve conter a palavra-chave "EdpExempt" em qualquer lugar para ajudar a distinguir a lista isenta da lista de permissões. A palavra-chave "EdpExempt" também é avaliada de maneira que não diferencia maiúsculas de minúsculas:
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping inclui "EdpExempt"/EXE/Policy
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping inclui "EdpExempt"/StoreApps/Policy
Exemplos isentos:
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/ContosoEdpExempt/EXE/Policy
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/xxxxxEdpExemptxxxxx/EXE/Policy
Informações adicionais:
- Lista de bloqueios recomendada para Windows Proteção de Informações – exemplo para Windows 10, versão 1607 que nega que aplicativos da Microsoft conhecidos não habilitados acessem dados corporativos como um aplicativo permitido. Essa prevenção garante que um administrador não torne esses aplicativos acidentalmente Windows Proteção de Informações permitidos e evite problemas de compatibilidade conhecidos relacionados à criptografia automática de arquivos com esses aplicativos.
AppLocker/EnterpriseDataProtection/Grouping
Nós de agrupamento são nós dinâmicos e pode haver qualquer número deles para um determinado registro (ou um determinado contexto). Os identificadores reais são selecionados pelo ponto de extremidade de gerenciamento, cujo trabalho é determinar qual é sua finalidade e não entrar em conflito com outros identificadores que eles definem.
Diferentes registros e contextos podem usar o mesmo identificador de autoridade, mesmo que muitos desses identificadores estejam ativos ao mesmo tempo.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/EnterpriseDataProtection/Grouping/EXE
Define restrições para iniciar aplicativos executáveis.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/EnterpriseDataProtection/Grouping/EXE/Policy
Os nós de política definem a política para iniciar executáveis, Windows arquivos do instalador, scripts, aplicativos da loja e arquivos DLL. O conteúdo de um determinado nó de política é precisamente o formato XML para um nó RuleCollection na política XML do AppLocker correspondente.
O tipo de dados é cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/EnterpriseDataProtection/Grouping/StoreApps
Define restrições para executar aplicativos do Microsoft Store.
As operações com suporte são Get, Add, Delete e Replace.
AppLocker/EnterpriseDataProtection/Grouping/StoreApps/Policy
Os nós de política definem a política para iniciar executáveis, Windows arquivos do instalador, scripts, aplicativos da loja e arquivos DLL. O conteúdo de um determinado nó de política é precisamente o formato XML para um nó RuleCollection na política XML do AppLocker correspondente.
O tipo de dados é cadeia de caracteres.
As operações com suporte são Get, Add, Delete e Replace.
Em seu telefone, em Descoberta de dispositivo, toque em Emparelhar. Você receberá um código (diferencia maiúsculas de minúsculas).
No navegador da página Configurar acesso, insira o código (diferencia maiúsculas de minúsculas) na caixa de texto e clique em Enviar.
A página do Portal de Dispositivos é aberta no navegador.
Na página do Portal de Dispositivos da área de trabalho, clique em Aplicativos para abrir o Gerenciador de Aplicativos.
Na página do Gerenciador de Aplicativos em Execução de aplicativos, você verá o Publisher PackageFullName dos aplicativos.
Se você não vir o aplicativo desejado, procure em Aplicativos instalados. Usando o menu suspenso, clique no aplicativo e você obterá a versão, Publisher e PackageFullName exibidas.
A tabela a seguir mostra o mapeamento de informações para o campo de regra do editor appLocker.
| Dados do portal do dispositivo | Campo de regra do editor appLocker |
|---|---|
| PackageFullName | ProductName: o nome do produto é a primeira parte do PackageFullName seguido pelo número de versão. No exemplo Câmera do Windows, ProductName é Microsoft.WindowsCamera. |
| Editor | Editor |
| Versão | Versão A versão pode ser usada no HighSection ou LowSection do BinaryVersionRange. HighSection define o número de versão mais alto e LowSection define o número de versão mais baixo que deve ser confiável. Você pode usar um curinga para ambas as versões para criar uma regra independente de versão. Usar um curinga para um dos valores fornecerá maior ou menor que uma semântica de versão específica. |
Aqui está um exemplo de regra de editor do AppLocker:
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Reader" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
Você pode obter o nome do editor e o nome do produto dos aplicativos usando uma API Web.
Para localizar o editor e o nome do produto para aplicativos da Microsoft Microsoft Store para Empresas:
Acesse o site da Microsoft Store para Empresas e localize seu aplicativo. Por exemplo, Microsoft OneNote.
Copie o valor de ID da URL do aplicativo. Por exemplo, Microsoft OneNote URL https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjlda ID é e você copiaria o valor da ID: 9wzdncrfhvjl.
No navegador, execute a API Web do portal da Loja para Empresas para retornar um arquivo JSON (JavaScript Object Notation) que inclui os valores de nome do produto e do editor.
URI da solicitação:
https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata
Este é o exemplo de Microsoft OneNote:
Solicitação
https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata
Resultado
{
"packageFamilyName": "Microsoft.Office.OneNote_8wekyb3d8bbwe",
"packageIdentityName": "Microsoft.Office.OneNote",
"windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
"publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
}
| Dados de resultado | Campo de regra do editor appLocker |
|---|---|
| packageIdentityName | ProductName |
| publisherCertificateName | Editor |
| windowsPhoneLegacyId | O mesmo valor é mapeado para ProductName e Publisher nome. Esse valor só estará presente se houver um pacote XAP associado ao aplicativo na Loja. Se esse valor for preenchido, a coisa simples a fazer para cobrir o pacote AppX e XAP seria criar duas regras para o aplicativo. Uma regra para AppX usando o valor packageIdentityName e publisherCertificateName e outra usando o valor windowsPhoneLegacyId. |
Configurações aplicativos que dependem de aplicativos insotivos
Esses aplicativos são bloqueados, a menos que sejam adicionados explicitamente à lista de aplicativos permitidos. A tabela a seguir mostra o subconjunto Configurações aplicativos que dependem de aplicativos insotivos.
O nome do produto é a primeira parte do PackageFullName seguido pelo número de versão.
| Configurações do aplicativo | PackageFullName ou Nome do produto | ProductID |
|---|---|---|
| Conta corporativa ou de estudante | Microsoft.AAD.BrokerPlugin | e5f8b2c4-75ae-45ee-9be8-212e34f77747 |
| Email e contas | Microsoft.AccountsControl | 39cf127b-8c67-c149-539a-c02271d07060 |
| SettingsPageKeyboard | 5b04b775-356b-4aa0-aaf8-6491ffea5608_1.1.0.0_neutral__cw8ffb7c56vgc | 5b04b775-356b-4aa0-aaf8-6491ffea5608 |
| SettingsPageTimeRegion | 5b04b775-356b-4aa0-aaf8-6491ffea560c_1.0.0.0_neutral__gqhq4qhgje4fw | 5b04b775-356b-4aa0-aaf8-6491ffea560c |
| SettingsPagePCSystemBluetooth | 5b04b775-356b-4aa0-aaf8-6491ffea5620_1.0.0.0_neutral__nvaj48k0z8te8 | 5b04b775-356b-4aa0-aaf8-6491ffea5620 |
| SettingsPageNetworkAirplaneMode | 5b04b775-356b-4aa0-aaf8-6491ffea5621_1.0.0.0_neutral__f73kmnfsk0aj2 | 5b04b775-356b-4aa0-aaf8-6491ffea5621 |
| SettingsPageNetworkWiFi | 5b04b775-356b-4aa0-aaf8-6491ffea5623_1.0.0.0_neutral__a3jhh70a240gm | 5b04b775-356b-4aa0-aaf8-6491ffea5623 |
| SettingsPageNetworkInternetSharing | 5b04b775-356b-4aa0-aaf8-6491ffea5629_1.0.0.0_neutral__yqcw9dmx6t3pe | 5b04b775-356b-4aa0-aaf8-6491ffea5629 |
| SettingsPageAccountsWorkplace | 5b04b775-356b-4aa0-aaf8-6491ffea562a_1.0.0.0_neutral__q1wjbr14bc3d0 | 5b04b775-356b-4aa0-aaf8-6491ffea562a |
| SettingsPageRestoreUpdate | 5b04b775-356b-4aa0-aaf8-6491ffea5640_1.0.0.0_neutral__j77gbj5kz730y | 5b04b775-356b-4aa0-aaf8-6491ffea5640 |
| SettingsPageKidsCorner | 5b04b775-356b-4aa0-aaf8-6491ffea5802_1.0.0.0_neutral__1wmss2z3sft8c | 5b04b775-356b-4aa0-aaf8-6491ffea5802 |
| SettingsPageDrivingMode | 5b04b775-356b-4aa0-aaf8-6491ffea5804_1.0.0.0_neutral__t553967svy34g | 5b04b775-356b-4aa0-aaf8-6491ffea5804 |
| SettingsPageTimeLanguage | 5b04b775-356b-4aa0-aaf8-6491ffea5808_1.0.0.0_neutral__ecxasj38g8ynw | 5b04b775-356b-4aa0-aaf8-6491ffea5808 |
| SettingsPageAppsCorner | 5b04b775-356b-4aa0-aaf8-6491ffea580a_1.0.0.0_neutral__4vefaa8deck74 | 5b04b775-356b-4aa0-aaf8-6491ffea580a |
| SettingsPagePhoneNfc | b0894dfd-4671-4bb9-bc17-a8b39947ffb6_1.0.0.0_neutral__1prqnbg33c1tj | b0894dfd-4671-4bb9-bc17-a8b39947ffb6 |
Aplicativos e componentes da caixa de entrada
A lista a seguir mostra os aplicativos que podem ser incluídos na caixa de entrada.
Observação
Esta lista identifica os aplicativos do sistema que são fornecidos como parte Windows que você pode adicionar à política do AppLocker para garantir o funcionamento adequado do sistema operacional. Se você decidir bloquear alguns desses aplicativos, recomendamos um teste completo antes de implantar em seu ambiente de produção. A falha em fazer isso pode resultar em falhas inesperadas e pode prejudicar significativamente a experiência do usuário.
| Aplicativo | ID do produto | Nome do produto |
|---|---|---|
| Visualizador 3D | f41647c9-d567-4378-b2ab-7924e5a152f3 | Microsoft.Microsoft3DViewer (adicionado no Windows 10, versão 1703) |
| Informações avançadas | b6e3e590-9fa5-40c0-86ac-ef475de98e88 | b6e3e590-9fa5-40c0-86ac-ef475de98e88 |
| Trabalhador com idade avançada | 09296e27-c9f3-4ab9-aa76-ecc4497d94bb | |
| Alarmes e relógio | 44f7d2b4-553d-4bec-a8b7-634ce897ed5f | Microsoft.WindowsAlarms |
| Downloads de aplicativos | 20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac | |
| Aplicativo de bloqueio de acesso atribuído | b84f4722-313e-4f85-8f41-cf5417c9c5cb | |
| Bing bloquear imagens | 5f28c179-2780-41df-b966-27807b8de02c | |
| Bloquear e filtrar | 59553c14-5701-49a2-9909-264d034deb3d | |
| Plug-in do broker (o mesmo que conta corporativa ou de estudante) | Microsoft.AAD.BrokerPlugin | |
| Calculadora | b58171c6-c70c-4266-a2e8-8f9c994f4456 | Microsoft.WindowsCalculator |
| Camera | f0d8fefd-31cd-43a1-a45a-d0276db069f1 | Microsoft.WindowsCamera |
| Certinstaller | 4c4ad968-7100-49de-8cd1-402e198d869e | |
| Perfil de cor | b08997ca-60ab-4dce-b088-f92e9c7994f3 | |
| Conectar | af7d2801-56c0-4eb1-824b-dd91cdf7ece5 | Microsoft.DevicesFlow |
| Contate o Suporte | 0db5fcff-4544-458a-b320-e352dfd9ca2b | Windows.ContactSupport |
| Cortana | fd68dcf4-166f-4c55-a4ca-348020f71b94 | Microsoft.Windows.Cortana |
| Cortana escutar interface do usuário | CortanaListenUI | |
| Host da caixa de diálogo Credenciais | Microsoft.CredDialogHost | |
| EXPERIÊNCIA DO PIN do Device Portal | holopairingapp | |
| Email e contas | 39cf127b-8c67-c149-539a-c02271d07060 | Microsoft.AccountsControl |
| Enterprise instala o aplicativo | da52fa01-ac0f-479d-957f-bfe4595941cb | |
| Equalizador | 373cb76e-7f6c-45aa-8633-b00e85c73261 | |
| Excel | ead3e7c0-fae6-4603-8699-6a448138f4dc | Microsoft. Office. Excel |
| 82a23635-5bd9-df11-a844-00237de2db9e | Microsoft.MSFacebook | |
| Field Medic | 73c58570-d5a7-46f8-b1b2-2a90024fc29c | |
| Explorador de Arquivos | c5e2524a-ea46-4f67-841f-6a9465d9d515 | c5e2524a-ea46-4f67-841f-6a9465d9d515 |
| Rádio FM | f725010e-455d-4c09-ac48-bcdef0d4b626 | f725010e-455d-4c09-ac48-bcdef0d4b626 |
| Introdução | b3726308-3d74-4a14-a84c-867c8c735c3c | Microsoft.Getstarted |
| Noções básicas | 106e0a97-8b19-42cf-8879-a8ed2598fcbb | |
| Groove Música | d2b6a184-da39-4c9a-9e0a-8b589b03dec0 | Microsoft.ZuneMusic |
| Hands-Free ativação | df6c9621-e873-4e86-bb56-93e9f21b1d6f | |
| Hands-Free ativação | 72803bd5-4f36-41a4-a349-e83e027c4722 | |
| Trabalho em segundo plano de atualização do HAP | 73c73cdd-4dea-462c-bd83-fa983056a4ef | |
| Shell holográfico | HoloShell | |
| Dados de movimento lumia | 8fc25fd2-4e2e-4873-be44-20e57f6ec52b | |
| Maps | ed27a07e-af57-416b-bc0c-2596b622ef7d | Microsoft.WindowsMaps |
| Mensagens | 27e26f40-e031-48a6-b130-d1f20388991a | Microsoft.Messaging |
| Conta Microsoft | 3a4fae89-7b7e-44b4-867b-f7e2772b8253 | Microsoft.CloudExperienceHost |
| Microsoft Edge | 395589fb-5884-4709-b9df-f7d558663ffd | Microsoft.MicrosoftEdge |
| Microsoft Frameworks | ProductID = 000000000-0000-0000-0000-00000000000 PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" | |
| Interface do usuário de migração | MigrationUIApp | |
| MiracastView | 906beeda-b7e6-4ddc-ba8d-ad5031223ef9 | 906beeda-b7e6-4ddc-ba8d-ad5031223ef9 |
| Realidade Misturada Portal | Microsoft. Windows. HolographicFirstRun | |
| Dinheiro | 1e0440f1-7abf-4b9a-863d-177970eefb5e | Microsoft.BingFinance |
| Filmes e TV | 6affe59e-0467-4701-851f-7ac026e21665 | Microsoft.ZuneVideo |
| Downloads de música | 3da8a0c1-f7e5-47c0-a680-be8fd013f747 | |
| Barra de navegação | 2cd23676-8f68-4d07-8dd2-e693d4b01279 | |
| Serviços de rede | 62f172d1-f552-4749-871c-2afd1c95c245 | |
| Notícias | 9c3e8cad-6702-4842-8f61-b8b33cc9caf1 | Microsoft.BingNews |
| OneDrive | ad543082-80ec-45bb-aa02-ffe7f4182ba8 | Microsoft.MicrosoftSkydrive |
| OneNote | ca05b3ab-f157-450c-8c49-a1f127f5e71d | Microsoft.Office.OneNote |
| Calendário do Outlook e Email | a558feba-85d7-4665-b5d8-a2ff9c19799b | Microsoft.WindowsCommunicationsApps |
| Pessoas | 60be1fb8-3291-4b21-bd39-2221ab166481 | Microsoft.People |
| Phone | 5b04b775-356b-4aa0-aaf8-6491ffea5611 | 5b04b775-356b-4aa0-aaf8-6491ffea5611 |
| Telefone (discagem) | f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7 | Microsoft.CommsPhone |
| Telefone diálogo de redefinição | 2864278d-09b5-46f7-b502-1c24139ecbdd | |
| Fotos | fca55e1b-b9a4-4289-882f-084ef4145005 | Microsoft.Windows.Photos |
| Podcasts | c3215724-b279-4206-8c3e-61d1a9d63ed3 | Microsoft.MSPodcast |
| Downloads de podcast | 063773e7-f26f-4a92-81f0-aa71a1161e30 | |
| PowerPoint | b50483c4-8046-4e1b-81ba-590b24935798 | Microsoft. Office. PowerPoint |
| Printdialog | 0d32eeb1-32f0-40da-8558-cea6fcbec4a4 | Microsoft.PrintDialog |
| Caixa de diálogo Comprar | c60e79ca-063b-4e5d-9177-1309357b2c3f | |
| Classificar seu dispositivo | aec3bfad-e38c-4994-9c32-50bd030730ec | |
| RingtoneApp.WindowsPhone | 3e962450-486b-406b-abb5-d38b4ee7e6fe | Microsoft.Tonepicker |
| Salvar toque | d8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24b | |
| Configurações | 2a4e62d8-8809-4787-89f8-69d0f01654fb | 2a4e62d8-8809-4787-89f8-69d0f01654fb |
| Configurações | Systemsettings | |
| Assistente de instalação | 07d87655-e4f0-474b-895a-773790ad4a32 | |
| Compartilhamento | b0894dfd-4671-4bb9-bc17-a8b39947ffb6 | |
| Entre para Windows 10 Holographic | WebAuthBridgeInternetSso, WebAuthBridgeInternet, WebAuthBridgeIntranetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternet, WebAuthBrokerIntranetSso, SignIn | |
| Skype | c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51 | Microsoft.SkypeApp |
| Vídeo do Skype | 27e26f40-e031-48a6-b130-d1f20388991a | Microsoft.Messaging |
| Esportes | 0f4c8c7e-7114-4e1e-a84c-50664db13b17 | Microsoft.BingSports |
| SSMHost | e232aa77-2b6d-442c-b0c3-f3bb9788af2a | |
| Start | 5b04b775-356b-4aa0-aaf8-6491ffea5602 | 5b04b775-356b-4aa0-aaf8-6491ffea5602 |
| Storage | 5b04b775-356b-4aa0-aaf8-6491ffea564d | 5b04b775-356b-4aa0-aaf8-6491ffea564d |
| Store | 7d47d89a-7900-47c5-93f2-46eb6d94c159 | Microsoft.WindowsStore |
| Toque (gestos e toque) | bbc57c87-46af-4c2c-824e-ac8104cceb38 | |
| Gravador de Voz | 7311b9c5-a4e9-4c74-bc3c-55b06ba95ad0 | Microsoft.WindowsSoundRecorder |
| Carteira | 587a4577-7868-4745-a29e-f996203f1462 | Microsoft.MicrosoftWallet |
| Carteira | 12ae577e-f8d1-4197-a207-4d24c309ff8f | Microsoft.Wallet |
| Tempo | 63c2a117-8604-44e7-8cef-df10be3a57c8 | Microsoft.BingWeather |
| Windows de bloqueio padrão | cdd63e31-9307-4ccb-ab62-1ffa5721b503 | |
| Windows Feedback | 7604089d-d13f-4a2d-9998-33fc02b63ce3 | Microsoft.WindowsFeedback |
| Word | 258f115c-48f4-4adb-9a68-1387e634459b | Microsoft. Office. Palavra |
| Conta corporativa ou de estudante | e5f8b2c4-75ae-45ee-9be8-212e34f77747 | Microsoft.AAD.BrokerPlugin |
| Xbox | b806836f-eebe-41c9-8669-19e243b81b83 | Microsoft.XboxApp |
| Provedor de identidade do Xbox | ba88225b-059a-45a2-a8eb-d3580283e49d | Microsoft.XboxIdentityProvider |
Exemplos da lista de permitidos
O exemplo a seguir desabilita o aplicativo de calendário.
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data><AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy"><Deny><App ProductId="{a558feba-85d7-4665-b5d8-a2ff9c19799b}"/></Deny></AppPolicy>
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
O exemplo a seguir bloqueia o uso do aplicativo de mapa.
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/AppLockerPhoneGroup0/StoreApps/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed Appx packages" Description="Allows members of the Everyone group to run Appx packages that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Deny Splash appmaps" Description="Deny members of the local Administrators group to run maps." UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" />
</Conditions>
</FilePublisherRule>
</RuleCollection>
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
O exemplo a seguir desabilita o Realidade Misturada Portal. No exemplo, a ID pode ser qualquer GUID gerado e o Nome pode ser qualquer nome que você escolher. BinaryName="*" permite bloquear qualquer executável de aplicativo no pacote Realidade Misturada Portal. Binário/VersionRange, conforme mostrado no exemplo, bloqueará todas as versões do aplicativo Portal de Realidade Misturada.
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data>
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>>
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
Neste exemplo, MobileGroup0 é o nome do nó. É recomendável usar um GUID para esse nó.
<?xml version="1.0" encoding="utf-8"?>
<SyncML>
<SyncBody>
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0</LocURI>
</Target>
</Item>
</Add>
<Add>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0/StoreApps</LocURI>
</Target>
</Item>
</Add>
<Replace>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0/StoreApps/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="172B8ACE-AAF5-41FA-941A-93AEE126B4A9" Name="Default Rule to Deny ALL" Description="Deny all publisher" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="DDCD112F-E003-4874-8B3E-14CB23851D54" Name="Allowlist Settings splash app" Description="Allow Admins to run Settings." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="2A4E62D8-8809-4787-89F8-69D0F01654FB" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="757D94A8-C752-4013-9896-D46EF10925E9" Name="Allowlist Settings WorkOrSchool" Description="Allow Admins to run WorkOrSchool" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA562A" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="473BCE1A-94D2-4AE1-8CB1-064B0677CACB" Name="Allowlist WorkPlace AAD BrokerPlugin" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AAD.BrokerPlugin" BinaryName="*" >
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E13EA64B-B0D3-4257-87F4-1B522D06EA03" Name="Allowlist Start" Description="Allow Admins to run Start." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5602" BinaryName="*" >
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="2898C4B2-4B37-4BFF-8F7B-16B377EDEA88" Name="Allowlist SettingsPageKeyboard" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5608" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="15BBA04F-3989-4FF7-9FEF-83C4DFDABA27" Name="Allowlist SettingsPageTimeRegion" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea560c" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="C3735CB1-060D-4D40-9708-6D33B98A7A2D" Name="Allowlist SettingsPagePCSystemBluetooth" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5620" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="AFACF5A3-2974-41EE-A31A-1486F593C145" Name="Allowlist SettingsPageNetworkAirplaneMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5621" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7B02A339-9E77-4694-AF86-119265138129" Name="Allowlist SettingsPageNetworkWiFi" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5623" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="F912172F-9D83-46F5-8D6C-BA7AB17063BE" Name="Allowlist SettingsPageNetworkInternetSharing" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5629" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="67AE8001-4E49-442A-AD72-F837129ABF63" Name="Allowlist SettingsPageRestoreUpdate" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5640" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7B65BCB2-4B1D-42B6-921B-B87F1474BDC5" Name="Allowlist SettingsPageKidsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5802" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="3964A53B-E131-4ED6-88DA-71FBDBE4E232" Name="Allowlist SettingsPageDrivingMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5804" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="99C4CD58-51A2-429A-B479-976ADB4EA757" Name="Allowlist SettingsPageTimeLanguage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5808" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="EBA3BCBE-4651-48CE-8F94-C5AC5D8F72FB" Name="Allowlist SettingsPageAppsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea580a" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E16EABCC-46E7-4AB3-9F48-67FFF941BBDC" Name="Allowlist SettingsPagePhoneNfc" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="b0894dfd-4671-4bb9-bc17-a8b39947ffb6" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="1F4C3904-9976-4FEE-A492-5708F14EABA5" Name="Allowlist MSA Cloud Experience Host" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CloudExperienceHost" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="AA741A28-7C02-49A5-AA5C-35D53FB8A9DC" Name="Allowlist Email and Accounts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AccountsControl" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="863BE063-D134-4C5C-9825-9DF9A86B6B56" Name="Allowlist Calculator" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCalculator" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="1DA2F479-3D1D-4425-9FFA-D4E6908F945A" Name="Allowlist Alarms and Clock" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsAlarms" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="18E12372-21C6-4DA5-970E-0A58739D7151" Name="Allowlist People" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.People" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="FD686D83-A829-4351-8FF4-27C7DE5755D2" Name="Allowlist Camera" Description="Allow Admins to run camera." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCamera" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="16875F70-1778-43CC-96BB-783C9A8E53D5" Name="Allowlist WindowsMaps" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="D21D6F9D-CFF6-4AD1-867A-2411CE6A388D" Name="Allowlist FileExplorer" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="c5e2524a-ea46-4f67-841f-6a9465d9d515" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="450B6D7E-1738-41C9-9241-466C3FA4AB0C" Name="Allowlist FM Radio" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="F725010E-455D-4C09-AC48-BCDEF0D4B626" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="37F4272C-F4A0-4AB8-9B5F-C9194A0EC6F3" Name="Allowlist Microsoft Edge" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftEdge" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="253D3AEA-36C0-4877-B932-9E9C9493F3F3" Name="Allowlist Movies" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneVideo" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="9A73E081-01D1-4BFD-ADF4-5C29AD4031F7" Name="Allowlist Money" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingFinance" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="EE4BF66C-EBF0-4565-982C-922FFDCB2E6D" Name="Allowlist News" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingNews" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="D78E6A9D-10F8-4C23-B620-40B01B60E5EA" Name="Allowlist Onedrive" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="AD543082-80EC-45BB-AA02-FFE7F4182BA8" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="0012F35E-C242-47FF-A573-3DA06AF7E43C" Name="Allowlist Onedrive APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftSkydrive" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="178B0D68-3498-40CE-A0C3-295C6B3DA169" Name="Allowlist OneNote" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.OneNote" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="673914E4-D73A-405D-8DCF-173E36EA6722" Name="Allowlist GetStarted" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Getstarted" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="4546BD28-69B6-4175-A44C-33197D48F658" Name="Allowlist Outlook Calendar" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7B843572-E1AD-45E6-A1F2-C551C70E4A34" Name="Allowlist Outlook Mail" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E5A1CD1A-8C23-41E4-AACF-BF82FCE775A5" Name="Allowlist Photos" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Photos" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="0A194DD1-B25B-4512-8AFC-6F560D0EC205" Name="Allowlist PodCasts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSPodcast" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="F5D27860-0238-4D1A-8011-9B8B263C3A33" Name="Allowlist SkypeApp" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="Microsoft.SkypeApp" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="B8BBC965-EC6D-4C16-AC68-C5F0090CB703" Name="Allowlist Store" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsStore" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="6031E1E7-A659-4B3D-87FB-3CB4C900F9D2" Name="Allowlist Sports" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingSports" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="A6D61B56-7CF7-4E95-953C-3A5913309B4E" Name="Allowlist Wallet" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftWallet" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="A2C44744-0627-4A52-937E-E3EC1ED476E0" Name="Allowlist Weather" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingWeather" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="D79978B4-EFAE-4458-8FE1-0F13B5CE6764" Name="Allowlist Xbox" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxApp" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="395713B9-DD39-4741-8AB3-63D0A0DCA2B0" Name="Allowlist Xbox Identity Provider" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxIdentityProvider" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7565A8BB-D50B-4237-A9E9-B0997B36BDF9" Name="Allowlist Voice recorder" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsSoundRecorder" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="409A286E-8C3D-48AB-9D7C-3225A48B30C9" Name="Allowlist Word" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Word" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="F72A5DA6-CA6A-4E7F-A350-AC9FACAB47DB" Name="Allowlist Excel" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Excel" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="169B3498-2A73-4D5C-8AFB-A0DE2908A07D" Name="Allowlist PowerPoint" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.PowerPoint" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="A483B662-3538-4D70-98A7-1312D51A0DB9" Name="Allowlist Contact Support" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Windows.ContactSupport" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="EAB1CEDC-DD8A-4311-9146-27A3C689DEAF" Name="Allowlist Cortana" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Cortana" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="01CD8E68-666B-4DE6-8849-7CE4F0C37CA8" Name="Allowlist Storage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA564D" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="15D9AD89-58BC-458E-9B96-3A18DA63AC3E" Name="Allowlist Groove Music" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneMusic" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E2B71B03-D759-4AE2-8526-E1A0CE2801DE" Name="Allowlist Windows Feedback" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsFeedback" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E7A30489-A20B-44C3-91A8-19D9F61A8B5B" Name="Allowlist Messaging and Messaging Video" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Messaging" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="D2A16D0C-8CC0-4C3A-9FB5-C1DB1B380CED" Name="Allowlist Phone splash" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5611" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="2A355478-7449-43CB-908A-A378AA59FBB9" Name="Allowlist Phone APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CommsPhone" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="89441630-7F1C-439B-8FFD-0BEEFF400C9B" Name="Allowlist Connect APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.DevicesFlow" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E8AF01B5-7039-44F4-8072-6A6CC71EDF2E" Name="Allowlist Miracast APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="906BEEDA-B7E6-4DDC-BA8D-AD5031223EF9" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="DA02425B-0291-4A10-BE7E-B9C7922F4EDF" Name="Allowlist Print Dialog APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.PrintDialog" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="42919A05-347B-4A5F-ACB2-73710A2E6203" Name="Allowlist Block and Filter APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BlockandFilterglobal" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="6F3D8885-C15E-4D7E-8E1F-F2A560C08F9E" Name="Allowlist MSFacebook" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSFacebook" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="5168A5C3-5DC9-46C1-87C0-65A9DE1B4D18" Name="Allowlist Advanced Info" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="B6E3E590-9FA5-40C0-86AC-EF475DE98E88" BinaryName="*" />
</Conditions>
</FilePublisherRule>
</RuleCollection>
</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
Exemplo do Windows 10 Holographic for Business
O exemplo a seguir do Windows 10 Holographic for Business nega todos os aplicativos e permite que o conjunto mínimo de aplicativos de caixa de entrada habilite um dispositivo de trabalho e Configurações.
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="96B82A15-F841-499a-B674-963DC647762F"
Name="Allowlist BackgroundTaskHost"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="*"
BinaryName="BackgroundTaskHost*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="8D345CB2-AC5B-4b6b-8F0B-DCE3F6FB9259"
Name="Allowlist CertInstaller"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*"
ProductName="4c4ad968-7100-49de-8cd1-402e198d869e"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="9F07FB38-B952-4f3c-A17A-CE7EC8132987"
Name="Allowlist MigrationUI"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="MigrationUIApp"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="1C32E96F-2F44-4317-9D98-2F624147D7AE"
Name="Allowlist CredDiagHost"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.CredDialogHost"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="53DCC751-E92A-4d0a-84DF-E6EAC2A7C7CE"
Name="Allowlist Settings"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="SystemSettings"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="70D9E233-81F4-4707-B79D-58F9C3A6BFB1"
Name="Allowlist HoloShell"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="HoloShell"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="6557A9BC-BA1F-4b7d-90FD-8C620CA81906"
Name="Allowlist MSA"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.Windows.CloudExperienceHost"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="81CD98A6-82EC-443f-87F8-039B00DFBE78"
Name="Allowlist BrokerPlugin"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.AAD.BrokerPlugin"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="1330E03E-7D43-4e01-9853-40ED8CF62D10"
Name="Allowlist SignIn1"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBridgeInternetSso"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="107EC30A-2CEF-4ec1-B556-F7DAA7DF7998"
Name="Allowlist SignIn2"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBridgeInternet"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="F806AC17-3E31-4a83-92EB-6A34696478D1"
Name="Allowlist SignIn3"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBridgeIntranetSso"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E8CAF694-2256-4516-BDCC-CDABF218573C"
Name="Allowlist SignIn4"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBrokerInternetSso"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="5918428D-B9A8-4810-8FB4-25AE5A25D5A7"
Name="Allowlist SignIn5"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBrokerInternet"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="C90D99E3-C3EE-47c5-B181-7E8C54FA66B3"
Name="Allowlist SignIn6"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBrokerIntranetSso"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="9CD87A91-FB48-480d-B788-3770A950CD03"
Name="Allowlist SignIn7"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="SignIn"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="DCF74448-C287-4195-9072-8F3649AB9305"
Name="Allowlist Cortana"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.Windows.Cortana"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="BE4FD0C4-527B-45a3-A5B8-F4EA00584779"
Name="Allowlist Cortana ListenUI"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="CortanaListenUI"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="336509A7-FFBA-48cb-81BD-8DF9060B3CF8"
Name="Allowlist Email and accounts"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.AccountsControl"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="55912F15-0B94-445b-80E1-83BC8F0E8999"
Name="Allowlist Device Portal PIN UX"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="holopairingapp"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>
Lista de bloqueios recomendada para Windows Proteção de Informações
O exemplo a seguir Windows 10, versão 1607, nega que aplicativos da Microsoft não habilitados conhecidos acessem dados corporativos como um aplicativo permitido. (Em vez disso, um administrador ainda pode usar uma regra isenta.) Essa prevenção garante que um administrador não torne esses aplicativos acidentalmente Windows Proteção de Informações permitidos e evite problemas de compatibilidade conhecidos relacionados à criptografia automática de arquivos com esses aplicativos.
Neste exemplo, Contoso é o nome do nó. É recomendável usar um GUID para esse nó.
<?xml version="1.0" encoding="utf-8"?>
<SyncML>
<SyncBody>
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso</LocURI>
</Target>
</Item>
</Add>
<Add>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso/EXE</LocURI>
</Target>
</Item>
</Add>
<Replace>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso/EXE/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<RuleCollection Type="Exe" EnforcementMode="Enabled">
<FilePublisherRule Id="b005eade-a5ee-4f5a-be45-d08fa557a4b2" Name="MICROSOFT OFFICE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="EXCEL.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="LYNC.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="LYNC99.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="MSOSYNC.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="OCPUBMGR.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="POWERPNT.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="UCMAPI.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="WINWORD.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
<FilePublisherRule Id="de9f3461-6856-405d-9624-a80ca701f6cb" Name="MICROSOFT OFFICE 2003, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2003" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="ade1b828-7055-47fc-99bc-432cf7d1209e" Name="2007 MICROSOFT OFFICE SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="2007 MICROSOFT OFFICE SYSTEM" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="f6a075b5-a5b5-4654-abd6-731dacb40d95" Name="MICROSOFT OFFICE ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE ONENOTE" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="0ec03b2f-e9a4-4743-ae60-6d29886cf6ae" Name="MICROSOFT OFFICE OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7b272efd-4105-4fb7-9d40-bfa597c6792a" Name="MICROSOFT OFFICE 2013, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2013" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="89d8a4d3-f9e3-423a-92ae-86e7333e2662" Name="MICROSOFT ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="ONENOTE.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
<FilePublisherRule Id="5a2138bd-8042-4ec5-95b4-f990666fbf61" Name="MICROSOFT OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="OUTLOOK.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
<FilePublisherRule Id="3fc5f9c5-f180-435b-838f-2960106a3860" Name="MICROSOFT ONEDRIVE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="ONEDRIVE.EXE">
<BinaryVersionRange LowSection="17.3.6386.0412" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
<FilePublisherRule Id="17d988ef-073e-4d92-b4bf-f477b2ecccb5" Name="MICROSOFT OFFICE 2016, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC99.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="UCMAPI.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="OCPUBMGR.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="WINWORD.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="EXCEL.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="POWERPNT.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="MSOSYNC.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
</RuleCollection>
</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
Tópicos relacionados
Comentários
Submeter e ver comentários