AppLocker 云解决方案提供商AppLocker CSP
AppLocker 配置服务提供程序用于指定允许或禁止哪些应用程序。The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. 对于被阻止的应用,没有显示用户界面。There is no user interface shown for apps that are blocked.
下面以树格式显示 AppLocker 配置服务提供程序。The following shows the AppLocker configuration service provider in tree format.
./Vendor/MSFT
AppLocker
----ApplicationLaunchRestrictions
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------MSI
----------------Policy
----------------EnforcementMode
------------Script
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
------------DLL
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------CodeIntegrity
----------------Policy
----EnterpriseDataProtection
--------Grouping
------------EXE
----------------Policy
------------StoreApps
----------------Policy
----LaunchControl
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
----FamilySafety
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
./Vendor/MSFT/AppLocker./Vendor/MSFT/AppLocker
定义 AppLocker 配置服务提供程序的根节点。Defines the root node for the AppLocker configuration service provider.
AppLocker/ApplicationLaunchRestrictionsAppLocker/ApplicationLaunchRestrictions
定义应用程序的限制。Defines restrictions for applications.
备注
创建允许的应用列表时,所有 收件箱 应用也会被阻止,并且你必须将它们包括在允许的应用列表中。When you create a list of allowed apps, all inbox apps are also blocked, and you must include them in your list of allowed apps. 不要忘记添加适用于电话、消息、设置、开始、电子邮件和帐户、工作和学校以及你需要的其他应用的收件箱应用。Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need.
在 Windows 10 移动版中,当你创建允许的应用列表时,依赖初始应用的 设置应用将被 阻止。In Windows 10 Mobile, when you create a list of allowed apps, the settings app that rely on splash apps are blocked. 若要取消阻止这些应用,你必须将它们包括在允许的应用列表中。To unblock these apps, you must include them in your list of allowed apps.
除非在注册中分组值是唯一的,否则无法正确支持删除/注销。Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. 如果多个注册使用相同的 Grouping 值,则注销将不会按预期工作,因为资源管理器会删除重复的 URI。If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. 为了防止此问题,分组值应包含一些随机性。To prevent this problem, the Grouping value should include some randomness. 最佳做法是使用随机生成的 GUID。The best practice is to use a randomly generated GUID. 但是,对节点的确切值没有要求。However, there is no requirement on the exact value of the node.
备注
应用策略或使用 AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI 执行删除时,AppLocker CSP 将计划重启。The AppLocker CSP will schedule a reboot when a policy is applied or a deletion occurs using the AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI.
其他信息:Additional information:
- 查找应用的发布者和产品名称 - 获取各种 Windows 应用的发布者和产品名称的分步指南。Find publisher and product name of apps - step-by-step guide for getting the publisher and product names for various Windows apps.
AppLocker/ApplicationLaunchRestrictions/GroupingAppLocker/ApplicationLaunchRestrictions/Grouping
分组节点是动态节点,对于给定注册或给定上下文节点, (数量可能) 。Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). 实际标识符由管理终结点选择,其工作是确定其用途,并且不会与它们定义的其他标识符发生冲突。The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
不同的注册和上下文可能使用相同的颁发机构标识符,即使许多此类标识符同时处于活动状态。Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/EXEAppLocker/ApplicationLaunchRestrictions/Grouping/EXE
定义启动可执行应用程序的限制。Defines restrictions for launching executable applications.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/EXE/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/EXE/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
数据类型为 string。Data type is string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/EXE/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/EXE/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
数据类型为字符串。The data type is a string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/EXE/NonInteractiveProcessEnforcementAppLocker/ApplicationLaunchRestrictions/Grouping/EXE/NonInteractiveProcessEnforcement
数据类型为字符串。The data type is a string.
支持的操作包括 Add、Delete、Get 和 Replace。Supported operations are Add, Delete, Get, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/MSIAppLocker/ApplicationLaunchRestrictions/Grouping/MSI
定义执行 Windows Installer 文件的限制。Defines restrictions for executing Windows Installer files.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/MSI/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/MSI/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
数据类型为 string。Data type is string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/MSI/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/MSI/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
数据类型为字符串。The data type is a string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/ScriptAppLocker/ApplicationLaunchRestrictions/Grouping/Script
定义运行脚本的限制。Defines restrictions for running scripts.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/Script/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/Script/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
数据类型为 string。Data type is string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/Script/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/Script/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
数据类型为字符串。The data type is a string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/StoreAppsAppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps
定义从 Microsoft Store 运行应用的限制。Defines restrictions for running apps from the Microsoft Store.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
数据类型为 string。Data type is string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
数据类型为字符串。The data type is a string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/DLLAppLocker/ApplicationLaunchRestrictions/Grouping/DLL
定义处理 DLL 文件的限制。Defines restrictions for processing DLL files.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/DLL/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/DLL/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
数据类型为 string。Data type is string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/DLL/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/DLL/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).
数据类型为字符串。The data type is a string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/DLL/NonInteractiveProcessEnforcementAppLocker/ApplicationLaunchRestrictions/Grouping/DLL/NonInteractiveProcessEnforcement
数据类型为字符串。The data type is a string.
支持的操作包括 Add、Delete、Get 和 Replace。Supported operations are Add, Delete, Get, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrityAppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity
此节点仅在桌面上受支持。This node is only supported on the desktop.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
数据类型为 Base64。Data type is Base64.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
备注
若要使用代码完整性策略,首先需要使用 ConvertFrom-CIPolicy cmdlet 将策略转换为二进制格式。To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. 然后,应创建二进制策略表示的 Base64 编码 blob (例如,使用 certutil -encode 命令行工具) 并添加到 Applocker-CSP。Then a Base64-encoded blob of the binary policy representation should be created (for example, using the certutil -encode command line tool) and added to the Applocker-CSP.
AppLocker/EnterpriseDataProtectionAppLocker/EnterpriseDataProtection
捕获允许处理企业数据的应用列表。Captures the list of apps that are allowed to handle enterprise data. 应该与 EnterpriseDataProtection CSP 中的 ./Device/Vendor/MSFT/EnterpriseDataProtection 中的设置结合使用。Should be used in conjunction with the settings in ./Device/Vendor/MSFT/EnterpriseDataProtection in EnterpriseDataProtection CSP.
在 Windows 10 版本 1607 中,Windows 信息保护具有允许和免除应用程序的概念。In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. 允许的应用程序可以访问企业数据,并且这些应用程序处理的数据受加密保护。Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. 豁免应用程序还可以访问企业数据,但由这些应用程序处理的数据不受保护。Exempt applications can also access enterprise data, but the data handled by those applications are not protected. 这是因为某些关键的企业应用程序可能遇到加密数据的兼容性问题。This is because some critical enterprise applications may have compatibility problems with encrypted data.
可以使用以下 URI 设置允许列表:You can set the allowed list using the following URI:
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/EXE/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/EXE/Policy
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/StoreApps/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/StoreApps/Policy
可以使用以下 URI 设置豁免列表。You can set the exempt list using the following URI. _分组字符串必须在_任意位置包含关键字"EdpExempt",以帮助区分豁免列表和允许列表。The Grouping string must contain the keyword "EdpExempt" anywhere to help distinguish the exempt list from the allowed list. "EdpExempt"关键字也以不区分大小写的方式进行评估:The "EdpExempt" keyword is also evaluated in a case-insensitive manner:
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/EXE/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/EXE/Policy
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/StoreApps/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/StoreApps/Policy
豁免示例:Exempt examples:
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/ContosoEdpExempt/EXE/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/ContosoEdpExempt/EXE/Policy
- ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/xxxxxEdpExemptxxxxx/EXE/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/xxxxxEdpExemptxxxxx/EXE/Policy
其他信息:Additional information:
- Windows 信息保护的建议 拒绝列表 - 例如,Windows 10 版本 1607 拒绝已知的非轻型 Microsoft 应用作为允许的应用访问企业数据。Recommended deny list for Windows Information Protection - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. 这可确保管理员不会意外允许这些应用使用 Windows 信息保护,并避免与使用这些应用程序的自动文件加密相关的已知兼容性问题。This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
AppLocker/EnterpriseDataProtection/GroupingAppLocker/EnterpriseDataProtection/Grouping
分组节点是动态节点,对于给定注册或给定上下文节点, (数量可能) 。Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). 实际标识符由管理终结点选择,其工作是确定其用途,并且不会与它们定义的其他标识符发生冲突。The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.
不同的注册和上下文可能使用相同的颁发机构标识符,即使许多此类标识符同时处于活动状态。Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/EnterpriseDataProtection/Grouping/EXEAppLocker/EnterpriseDataProtection/Grouping/EXE
定义启动可执行应用程序的限制。Defines restrictions for launching executable applications.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/EnterpriseDataProtection/Grouping/EXE/PolicyAppLocker/EnterpriseDataProtection/Grouping/EXE/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
数据类型为 string。Data type is string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/EnterpriseDataProtection/Grouping/StoreAppsAppLocker/EnterpriseDataProtection/Grouping/StoreApps
定义从 Microsoft Store 运行应用的限制。Defines restrictions for running apps from the Microsoft Store.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
AppLocker/EnterpriseDataProtection/Grouping/StoreApps/PolicyAppLocker/EnterpriseDataProtection/Grouping/StoreApps/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.
数据类型为 string。Data type is string.
支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.
查找应用的发布者和产品名称Find publisher and product name of apps
你可以将 Windows Phone (Windows 10 移动版版本 1511) 与桌面配对,使用手机上的 Device Portal 获取各种类型的信息,包括手机上安装的应用的发布者名称和产品名称。You can pair a Windows Phone (Windows 10 Mobile, version 1511) to your desktop using the Device Portal on the phone to get the various types of information, including publisher name and product name of apps installed on the phone. 此过程描述使用 WiFi 将手机配对到桌面。This procedure describes pairing your phone to your desktop using WiFi.
如果此过程不起作用,请尝试 Device Portal for Mobile 中所述的其他 配对方法。If this procedure does not work for you, try the other methods for pairing described in Device Portal for Mobile.
查找安装在 Windows 10 移动版上的应用的 Publisher 和 PackageFullNameTo find Publisher and PackageFullName for apps installed on Windows 10 Mobile
在 Windows Phone 上,转到"设置 "。On your Windows Phone, go to Settings. 选择 "更新&安全"。Choose Update & security. 然后选择"针对开发人员"。Then choose For developers.
选择 "开发人员模式"。Choose Developer mode.
打开设备 发现。Turn on Device discovery.
打开Device Portal 并保留AuthenticationOn。Turn on Device Portal and keep AuthenticationOn.
在 Device Portal 下的Connect using: WiFi下,将 URL 复制到桌面浏览器以使用 WiFi 进行连接。Under the Device Portal, under Connect using: WiFi, copy the URL to your desktop browser to connect using WiFi.
如果收到证书错误,请继续浏览网页。If you get a certificate error, continue to the web page.
如果收到有关未访问网页的错误,则应该尝试 Device Portal for Mobile 中所述的其他 配对方法。If you get an error about not reaching the web page, then you should try the other methods for pairing described in Device Portal for Mobile.
在手机上的"设备发现"下, 点击"配对"。On your phone under Device discovery, tap Pair. 你将获取一个代码 (区分大小写) 。You will get a code (case sensitive).
在浏览器的"设置访问"页上,将区分大小写 (代码输入) ,然后单击"提交 "。On the browser on the Set up access page, enter the code (case sensitive) into the text box and click Submit.
"Device Portal" 页将在您的浏览器上打开。The Device Portal page opens on your browser.
在桌面 Device Portal 页面上 ,单击 应用 以打开 应用管理器。On the desktop Device Portal page, click Apps to open the App Manager.
在"应用管理器" 页面的"运行应用"下,你将看到应用的 Publisher和PackageFullName。On the App Manager page under Running apps, you will see the Publisher and PackageFullName of apps.
如果看不到想要的应用,请参阅已安装的应用 下。If you do not see the app that you want, look under Installed apps. 使用下拉菜单,单击应用程序,然后显示版本、发布者和 PackageFullName。Using the drop down menu, click on the application and you get the Version, Publisher, and PackageFullName displayed.
下表显示了信息到 AppLocker 发布者规则字段的映射。The following table show the mapping of information to the AppLocker publisher rule field.
| 设备门户数据Device portal data | AppLocker 发布者规则字段AppLocker publisher rule field |
|---|---|
PackageFullNamePackageFullName |
ProductNameProductName 产品名称是 PackageFullName 的第一部分,后跟版本号。The product name is first part of the PackageFullName followed by the version number. 在 Windows 相机示例中,ProductName 为 Microsoft.WindowsCamera。In the Windows Camera example, the ProductName is Microsoft.WindowsCamera. |
发布者Publisher |
发布者Publisher |
版本Version |
版本Version 这可以在 BinaryVersionRange 的 HighSection 或 LowSection 中使用。This can be used either in the HighSection or LowSection of the BinaryVersionRange. HighSection 定义最高版本号,LowSection 定义应信任的最低版本号。HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. 可以使用这两个版本的通配符使规则与版本无关。You can use a wildcard for both versions to make a version independent rule. 将通配符用于其中一个值将提供高于或低于特定版本语义。Using a wildcard for one of the values will provide higher than or lower than a specific version semantics. |
下面是 AppLocker 发布者规则的示例:Here is an example AppLocker publisher rule:
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Reader" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
可以使用 Web API 获取应用的发布者名称和产品名称。You can get the publisher name and product name of apps using a web API.
在适用于企业 Microsoft Store 中查找 Microsoft 应用的发布者和产品名称To find publisher and product name for Microsoft apps in Microsoft Store for Business
转到适用于企业的 Microsoft Store 网站,然后查找你的应用。Go to the Microsoft Store for Business website, and find your app. 例如,Microsoft OneNote。For example, Microsoft OneNote.
从应用 URL 中复制 ID 值。Copy the ID value from the app URL. 例如,Microsoft OneNote 的 ID URL 是 ,你要复制 https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl ID 值 9wzdncrfhvjl。For example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, 9wzdncrfhvjl.
在浏览器中,运行适用于企业应用商店门户 Web API,以返回包含发布者和产品名称值的 JavaScript (JSON) 文件。In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values.
请求 URIRequest URI https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata
下面是 Microsoft OneNote 的示例:Here is the example for Microsoft OneNote:
请求Request
https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata
结果Result
{
"packageFamilyName": "Microsoft.Office.OneNote_8wekyb3d8bbwe",
"packageIdentityName": "Microsoft.Office.OneNote",
"windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
"publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
}
| 结果数据Result data | AppLocker 发布者规则字段AppLocker publisher rule field |
|---|---|
packageIdentityNamepackageIdentityName |
ProductNameProductName |
publisherCertificateNamepublisherCertificateName |
发布者Publisher |
windowsPhoneLegacyIdwindowsPhoneLegacyId |
相同的值映射到 ProductName 和 Publisher 名称Same value maps to the ProductName and Publisher name 只有当存在与应用商店中的应用关联的 XAP 程序包时,此值才存在。This value will only be present if there is a XAP package associated with the app in the Store. 如果填充了此值,那么涵盖 AppX 和 XAP 程序包的简单操作就是为应用创建两个规则。If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. AppX 的一个规则使用 packageIdentityName 和 publisherCertificateName 值,另一个规则使用 windowsPhoneLegacyId 值。One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value. |
依赖于初始应用的设置应用Settings apps that rely on splash apps
在 Windows 10 移动版中创建允许的应用列表时,还必须在允许的应用列表中包含依赖于初始应用的"设置"应用的子集。When you create a list of allowed apps in Windows 10 Mobile, you must also include the subset of Settings apps that rely on splash apps in your list of allowed apps. 除非这些应用显式添加到允许的应用列表中,否则将阻止这些应用。These apps are blocked unless they are explicitly added to the list of allowed apps. 下表显示了依赖于初始应用的"设置"应用的子集。The following table shows the subset of Settings apps that rely on splash apps .
产品名称是 PackageFullName 的第一部分,后跟版本号。The product name is first part of the PackageFullName followed by the version number.
| 设置应用名称Settings app name | PackageFullName 或产品名称PackageFullName or Product name | ProductIDProductID |
|---|---|---|
| 工作或学校帐户Work or school account | Microsoft.AAD.BrokerPluginMicrosoft.AAD.BrokerPlugin | e5f8b2c4-75ae-45ee-9be8-212e34f77747e5f8b2c4-75ae-45ee-9be8-212e34f77747 |
| 电子邮件和帐户Email and accounts | Microsoft.AccountsControlMicrosoft.AccountsControl | 39cf127b-8c67-c149-539a-c02271d0706039cf127b-8c67-c149-539a-c02271d07060 |
| SettingsPageKeyboardSettingsPageKeyboard | 5b04b775-356b-4aa0-aaf8-6491ffea5608_1.1.0.0_neutral__cw8ffb7c56vgc5b04b775-356b-4aa0-aaf8-6491ffea5608_1.1.0.0_neutral__cw8ffb7c56vgc | 5b04b775-356b-4aa0-aaf8-6491ffea56085b04b775-356b-4aa0-aaf8-6491ffea5608 |
| SettingsPageTimeRegionSettingsPageTimeRegion | 5b04b775-356b-4aa0-aaf8-6491ffea560c_1.0.0.0_neutral__gqhq4qhgje4fw5b04b775-356b-4aa0-aaf8-6491ffea560c_1.0.0.0_neutral__gqhq4qhgje4fw | 5b04b775-356b-4aa0-aaf8-6491ffea560c5b04b775-356b-4aa0-aaf8-6491ffea560c |
| SettingsPagePCSystemBluetoothSettingsPagePCSystemBluetooth | 5b04b775-356b-4aa0-aaf8-6491ffea5620_1.0.0.0_neutral__nvaj48k0z8te85b04b775-356b-4aa0-aaf8-6491ffea5620_1.0.0.0_neutral__nvaj48k0z8te8 | 5b04b775-356b-4aa0-aaf8-6491ffea56205b04b775-356b-4aa0-aaf8-6491ffea5620 |
| SettingsPageNetworkAirplaneModeSettingsPageNetworkAirplaneMode | 5b04b775-356b-4aa0-aaf8-6491ffea5621_1.0.0.0_neutral__f73kmnfsk0aj25b04b775-356b-4aa0-aaf8-6491ffea5621_1.0.0.0_neutral__f73kmnfsk0aj2 | 5b04b775-356b-4aa0-aaf8-6491ffea56215b04b775-356b-4aa0-aaf8-6491ffea5621 |
| SettingsPageNetworkWiFiSettingsPageNetworkWiFi | 5b04b775-356b-4aa0-aaf8-6491ffea5623_1.0.0.0_neutral__a3jhh70a240gm5b04b775-356b-4aa0-aaf8-6491ffea5623_1.0.0.0_neutral__a3jhh70a240gm | 5b04b775-356b-4aa0-aaf8-6491ffea56235b04b775-356b-4aa0-aaf8-6491ffea5623 |
| SettingsPageNetworkInternetSharingSettingsPageNetworkInternetSharing | 5b04b775-356b-4aa0-aaf8-6491ffea5629_1.0.0.0_neutral__yqcw9dmx6t3pe5b04b775-356b-4aa0-aaf8-6491ffea5629_1.0.0.0_neutral__yqcw9dmx6t3pe | 5b04b775-356b-4aa0-aaf8-6491ffea56295b04b775-356b-4aa0-aaf8-6491ffea5629 |
| SettingsPageAccountsWorkplaceSettingsPageAccountsWorkplace | 5b04b775-356b-4aa0-aaf8-6491ffea562a_1.0.0.0_neutral__q1wjbr14bc3d05b04b775-356b-4aa0-aaf8-6491ffea562a_1.0.0.0_neutral__q1wjbr14bc3d0 | 5b04b775-356b-4aa0-aaf8-6491ffea562a5b04b775-356b-4aa0-aaf8-6491ffea562a |
| SettingsPageRestoreUpdateSettingsPageRestoreUpdate | 5b04b775-356b-4aa0-aaf8-6491ffea5640_1.0.0.0_neutral__j77gbj5kz730y5b04b775-356b-4aa0-aaf8-6491ffea5640_1.0.0.0_neutral__j77gbj5kz730y | 5b04b775-356b-4aa0-aaf8-6491ffea56405b04b775-356b-4aa0-aaf8-6491ffea5640 |
| SettingsPageKidsCornerSettingsPageKidsCorner | 5b04b775-356b-4aa0-aaf8-6491ffea5802_1.0.0.0_neutral__1wmss2z3sft8c5b04b775-356b-4aa0-aaf8-6491ffea5802_1.0.0.0_neutral__1wmss2z3sft8c | 5b04b775-356b-4aa0-aaf8-6491ffea58025b04b775-356b-4aa0-aaf8-6491ffea5802 |
| SettingsPageDrivingModeSettingsPageDrivingMode | 5b04b775-356b-4aa0-aaf8-6491ffea5804_1.0.0.0_neutral__t553967svy34g5b04b775-356b-4aa0-aaf8-6491ffea5804_1.0.0.0_neutral__t553967svy34g | 5b04b775-356b-4aa0-aaf8-6491ffea58045b04b775-356b-4aa0-aaf8-6491ffea5804 |
| SettingsPageTimeLanguageSettingsPageTimeLanguage | 5b04b775-356b-4aa0-aaf8-6491ffea5808_1.0.0.0_neutral__ecxasj38g8ynw5b04b775-356b-4aa0-aaf8-6491ffea5808_1.0.0.0_neutral__ecxasj38g8ynw | 5b04b775-356b-4aa0-aaf8-6491ffea58085b04b775-356b-4aa0-aaf8-6491ffea5808 |
| SettingsPageAppsCornerSettingsPageAppsCorner | 5b04b775-356b-4aa0-aaf8-6491ffea580a_1.0.0.0_neutral__4vefaa8deck745b04b775-356b-4aa0-aaf8-6491ffea580a_1.0.0.0_neutral__4vefaa8deck74 | 5b04b775-356b-4aa0-aaf8-6491ffea580a5b04b775-356b-4aa0-aaf8-6491ffea580a |
| SettingsPagePhoneNfcSettingsPagePhoneNfc | b0894dfd-4671-4bb9-bc17-a8b39947ffb6_1.0.0.0_neutral__1prqnbg33c1tjb0894dfd-4671-4bb9-bc17-a8b39947ffb6_1.0.0.0_neutral__1prqnbg33c1tj | b0894dfd-4671-4bb9-bc17-a8b39947ffb6b0894dfd-4671-4bb9-bc17-a8b39947ffb6 |
收件箱应用和组件Inbox apps and components
以下列表显示了收件箱中可能包含的应用。The following list shows the apps that may be included in the inbox.
备注
此列表标识了作为 Windows 的一部分提供的系统应用,你可以将其添加到 AppLocker 策略以确保操作系统正常运行。This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. 如果你决定阻止其中一些应用,我们建议在部署到生产环境之前进行全面测试。If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. 如果不这样做,可能会导致意外失败,并且可能会显著降低用户体验。Failure to do so may result in unexpected failures and can significantly degrade the user experience.
| 应用App | 产品 IDProduct ID | 产品名称Product name |
|---|---|---|
| 3D 查看器3D Viewer | f41647c9-d567-4378-b2ab-7924e5a152f3f41647c9-d567-4378-b2ab-7924e5a152f3 | Microsoft.Microsoft3DViewerMicrosoft.Microsoft3DViewer (Windows 10 版本 1703 中) (Added in Windows 10, version 1703) |
| 高级信息Advanced info | b6e3e590-9fa5-40c0-86ac-ef475de98e88b6e3e590-9fa5-40c0-86ac-ef475de98e88 | b6e3e590-9fa5-40c0-86ac-ef475de98e88b6e3e590-9fa5-40c0-86ac-ef475de98e88 |
| 年龄工作者Age out worker | 09296e27-c9f3-4ab9-aa76-ecc4497d94bb09296e27-c9f3-4ab9-aa76-ecc4497d94bb | |
| 闹钟和时钟Alarms and clock | 44f7d2b4-553d-4bec-a8b7-634ce897ed5f44f7d2b4-553d-4bec-a8b7-634ce897ed5f | Microsoft.WindowsAlarmsMicrosoft.WindowsAlarms |
| 应用下载App downloads | 20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac | |
| 分配的访问权限锁定应用Assigned access lock app | b84f4722-313e-4f85-8f41-cf5417c9c5cbb84f4722-313e-4f85-8f41-cf5417c9c5cb | |
| 必应锁定图像Bing lock images | 5f28c179-2780-41df-b966-27807b8de02c5f28c179-2780-41df-b966-27807b8de02c | |
| 阻止和筛选Block and filter | 59553c14-5701-49a2-9909-264d034deb3d59553c14-5701-49a2-9909-264d034deb3d | |
| 代理插件 (工作或学校帐户) Broker plug-in (same as Work or school account) | Microsoft.AAD.BrokerPluginMicrosoft.AAD.BrokerPlugin | |
| 计算器Calculator | b58171c6-c70c-4266-a2e8-8f9c994f4456b58171c6-c70c-4266-a2e8-8f9c994f4456 | Microsoft.WindowsCalculatorMicrosoft.WindowsCalculator |
| 相机Camera | f0d8fefd-31cd-43a1-a45a-d0276db069f1f0d8fefd-31cd-43a1-a45a-d0276db069f1 | Microsoft.WindowsCameraMicrosoft.WindowsCamera |
| CertInstallerCertInstaller | 4c4ad968-7100-49de-8cd1-402e198d869e4c4ad968-7100-49de-8cd1-402e198d869e | |
| 颜色配置文件Color profile | b08997ca-60ab-4dce-b088-f92e9c7994f3b08997ca-60ab-4dce-b088-f92e9c7994f3 | |
| 连接Connect | af7d2801-56c0-4eb1-824b-dd91cdf7ece5af7d2801-56c0-4eb1-824b-dd91cdf7ece5 | Microsoft.DevicesFlowMicrosoft.DevicesFlow |
| 联系支持人员Contact Support | 0db5fcff-4544-458a-b320-e352dfd9ca2b0db5fcff-4544-458a-b320-e352dfd9ca2b | Windows.ContactSupportWindows.ContactSupport |
| CortanaCortana | fd68dcf4-166f-4c55-a4ca-348020f71b94fd68dcf4-166f-4c55-a4ca-348020f71b94 | Microsoft.Windows.CortanaMicrosoft.Windows.Cortana |
| Cortana 侦听 UICortana Listen UI | CortanaListenUICortanaListenUI | |
| 凭据对话框主机Credentials Dialog Host | Microsoft.CredDialogHostMicrosoft.CredDialogHost | |
| Device Portal PIN UXDevice Portal PIN UX | holopairingappholopairingapp | |
| 电子邮件和帐户Email and accounts | 39cf127b-8c67-c149-539a-c02271d0706039cf127b-8c67-c149-539a-c02271d07060 | Microsoft.AccountsControlMicrosoft.AccountsControl |
| 企业安装应用Enterprise install app | da52fa01-ac0f-479d-957f-bfe4595941cbda52fa01-ac0f-479d-957f-bfe4595941cb | |
| 均衡器Equalizer | 373cb76e-7f6c-45aa-8633-b00e85c73261373cb76e-7f6c-45aa-8633-b00e85c73261 | |
| ExcelExcel | ead3e7c0-fae6-4603-8699-6a448138f4dcead3e7c0-fae6-4603-8699-6a448138f4dc | Microsoft.Office.ExcelMicrosoft.Office.Excel |
| FacebookFacebook | 82a23635-5bd9-df11-a844-00237de2db9e82a23635-5bd9-df11-a844-00237de2db9e | Microsoft.MSSoftMicrosoft.MSFacebook |
| Field MedicField Medic | 73c58570-d5a7-46f8-b1b2-2a90024fc29c73c58570-d5a7-46f8-b1b2-2a90024fc29c | |
| 文件资源管理器File Explorer | c5e2524a-ea46-4f67-841f-6a9465d9d515c5e2524a-ea46-4f67-841f-6a9465d9d515 | c5e2524a-ea46-4f67-841f-6a9465d9d515c5e2524a-ea46-4f67-841f-6a9465d9d515 |
| 调频广播FM Radio | f725010e-455d-4c09-ac48-bcdef0d4b626f725010e-455d-4c09-ac48-bcdef0d4b626 | f725010e-455d-4c09-ac48-bcdef0d4b626f725010e-455d-4c09-ac48-bcdef0d4b626 |
| 入门Get Started | b3726308-3d74-4a14-a84c-867c8c735c3cb3726308-3d74-4a14-a84c-867c8c735c3c | Microsoft.GetstartedMicrosoft.Getstarted |
| 概览Glance | 106e0a97-8b19-42cf-8879-a8ed2598fcbb106e0a97-8b19-42cf-8879-a8ed2598fcbb | |
| Groove 音乐Groove Music | d2b6a184-da39-4c9a-9e0a-8b589b03dec0d2b6a184-da39-4c9a-9e0a-8b589b03dec0 | Microsoft.ZuneMusicMicrosoft.ZuneMusic |
| Hands-Free激活Hands-Free Activation | df6c9621-e873-4e86-bb56-93e9f21b1d6fdf6c9621-e873-4e86-bb56-93e9f21b1d6f | |
| Hands-Free激活Hands-Free Activation | 72803bd5-4f36-41a4-a349-e83e027c472272803bd5-4f36-41a4-a349-e83e027c4722 | |
| HAP 更新后台工作线程HAP update background worker | 73c73cdd-4dea-462c-bd83-fa983056a4ef73c73cdd-4dea-462c-bd83-fa983056a4ef | |
| 全息 ShellHolographic Shell | HoloShellHoloShell | |
| Lumia 运动数据Lumia motion data | 8fc25fd2-4e2e-4873-be44-20e57f6ec52b8fc25fd2-4e2e-4873-be44-20e57f6ec52b | |
| 地图Maps | ed27a07e-af57-416b-bc0c-2596b622ef7ded27a07e-af57-416b-bc0c-2596b622ef7d | Microsoft.WindowsMapsMicrosoft.WindowsMaps |
| 消息Messaging | 27e26f40-e031-48a6-b130-d1f20388991a27e26f40-e031-48a6-b130-d1f20388991a | Microsoft.MessagingMicrosoft.Messaging |
| Microsoft 帐户Microsoft account | 3a4fae89-7b7e-44b4-867b-f7e2772b82533a4fae89-7b7e-44b4-867b-f7e2772b8253 | Microsoft.CloudExperienceHostMicrosoft.CloudExperienceHost |
| Microsoft EdgeMicrosoft Edge | 395589fb-5884-4709-b9df-f7d558663ffd395589fb-5884-4709-b9df-f7d558663ffd | Microsoft.MicrosoftEdgeMicrosoft.MicrosoftEdge |
| Microsoft FrameworkMicrosoft Frameworks | ProductID = 00000000-0000-0000-0000-000000000000ProductID = 00000000-0000-0000-0000-000000000000
PublisherName= " CN=Microsoft Corporation,O=Microsoft Corporation, L=Redmond, S=Washington, C=US"PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" |
|
| 迁移 UIMigration UI | MigrationUIAppMigrationUIApp | |
| MiracastViewMiracastView | 906beeda-b7e6-4ddc-ba8d-ad5031223ef9906beeda-b7e6-4ddc-ba8d-ad5031223ef9 | 906beeda-b7e6-4ddc-ba8d-ad5031223ef9906beeda-b7e6-4ddc-ba8d-ad5031223ef9 |
| 混合现实门户Mixed Reality Portal | Microsoft.Windows.HolographicFirstRunMicrosoft.Windows.HolographicFirstRun | |
| 财经Money | 1e0440f1-7abf-4b9a-863d-177970eefb5e1e0440f1-7abf-4b9a-863d-177970eefb5e | Microsoft.BingFinanceMicrosoft.BingFinance |
| 电影和电视Movies and TV | 6affe59e-0467-4701-851f-7ac026e216656affe59e-0467-4701-851f-7ac026e21665 | Microsoft.ZuneVideoMicrosoft.ZuneVideo |
| 音乐下载Music downloads | 3da8a0c1-f7e5-47c0-a680-be8fd013f7473da8a0c1-f7e5-47c0-a680-be8fd013f747 | |
| 导航栏Navigation bar | 2cd23676-8f68-4d07-8dd2-e693d4b012792cd23676-8f68-4d07-8dd2-e693d4b01279 | |
| 网络服务Network services | 62f172d1-f552-4749-871c-2afd1c95c24562f172d1-f552-4749-871c-2afd1c95c245 | |
| 新闻News | 9c3e8cad-6702-4842-8f61-b8b33cc9caf19c3e8cad-6702-4842-8f61-b8b33cc9caf1 | Microsoft.BingNewsMicrosoft.BingNews |
| OneDriveOneDrive | ad543082-80ec-45bb-aa02-ffe7f4182ba8ad543082-80ec-45bb-aa02-ffe7f4182ba8 | Microsoft.MicrosoftSkydriveMicrosoft.MicrosoftSkydrive |
| OneNoteOneNote | ca05b3ab-f157-450c-8c49-a1f127f5e71dca05b3ab-f157-450c-8c49-a1f127f5e71d | Microsoft.Office.OneNoteMicrosoft.Office.OneNote |
| Outlook 日历和邮件Outlook Calendar and Mail | a558feba-85d7-4665-b5d8-a2ff9c19799ba558feba-85d7-4665-b5d8-a2ff9c19799b | Microsoft.WindowsCommunicationsAppsMicrosoft.WindowsCommunicationsApps |
| 人脉People | 60be1fb8-3291-4b21-bd39-2221ab16648160be1fb8-3291-4b21-bd39-2221ab166481 | Microsoft.PeopleMicrosoft.People |
| 电话Phone | 5b04b775-356b-4aa0-aaf8-6491ffea56115b04b775-356b-4aa0-aaf8-6491ffea5611 | 5b04b775-356b-4aa0-aaf8-6491ffea56115b04b775-356b-4aa0-aaf8-6491ffea5611 |
| 电话(拨号程序)Phone (dialer) | f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7 | Microsoft.CommsPhoneMicrosoft.CommsPhone |
| 电话重置对话框Phone reset dialog | 2864278d-09b5-46f7-b502-1c24139ecbdd2864278d-09b5-46f7-b502-1c24139ecbdd | |
| 照片Photos | fca55e1b-b9a4-4289-882f-084ef4145005fca55e1b-b9a4-4289-882f-084ef4145005 | Microsoft.Windows.PhotosMicrosoft.Windows.Photos |
| 播客Podcasts | c3215724-b279-4206-8c3e-61d1a9d63ed3c3215724-b279-4206-8c3e-61d1a9d63ed3 | Microsoft.MSPodcastMicrosoft.MSPodcast |
| 播客下载Podcast downloads | 063773e7-f26f-4a92-81f0-aa71a1161e30063773e7-f26f-4a92-81f0-aa71a1161e30 | |
| PowerPointPowerPoint | b50483c4-8046-4e1b-81ba-590b24935798b50483c4-8046-4e1b-81ba-590b24935798 | Microsoft.Office.PowerPointMicrosoft.Office.PowerPoint |
| PrintDialogPrintDialog | 0d32eeb1-32f0-40da-8558-cea6fcbec4a40d32eeb1-32f0-40da-8558-cea6fcbec4a4 | Microsoft.PrintDialogMicrosoft.PrintDialog |
| 购买对话框Purchase dialog | c60e79ca-063b-4e5d-9177-1309357b2c3fc60e79ca-063b-4e5d-9177-1309357b2c3f | |
| 为设备评分Rate your device | aec3bfad-e38c-4994-9c32-50bd030730ecaec3bfad-e38c-4994-9c32-50bd030730ec | |
| RingtoneApp.WindowsPhoneRingtoneApp.WindowsPhone | 3e962450-486b-406b-abb5-d38b4ee7e6fe3e962450-486b-406b-abb5-d38b4ee7e6fe | Microsoft.TonepickerMicrosoft.Tonepicker |
| 保存铃声Save ringtone | d8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24bd8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24b | |
| “设置”Settings | 2a4e62d8-8809-4787-89f8-69d0f01654fb2a4e62d8-8809-4787-89f8-69d0f01654fb | 2a4e62d8-8809-4787-89f8-69d0f01654fb2a4e62d8-8809-4787-89f8-69d0f01654fb |
| “设置”Settings | SystemSettingsSystemSettings | |
| 安装向导Setup wizard | 07d87655-e4f0-474b-895a-773790ad4a3207d87655-e4f0-474b-895a-773790ad4a32 | |
| 共享Sharing | b0894dfd-4671-4bb9-bc17-a8b39947ffb6b0894dfd-4671-4bb9-bc17-a8b39947ffb6 | |
| 登录 Windows 10 全息版Sign-in for Windows 10 Holographic | WebAuthBridgeInternetSso、WebAuthBridgeInternet、WebAuthBridgeIntranetSso、WebAuthBrokerInternetSso、WebAuthBrokerInternetSso、WebAuthBrokerInternetSso、WebAuthBrokerInternetInternet、WebAuthBrokerIntranetSso、SignInWebAuthBridgeInternetSso, WebAuthBridgeInternet, WebAuthBridgeIntranetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternet, WebAuthBrokerIntranetSso, SignIn | |
| SkypeSkype | c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51 | Microsoft.SkypeAppMicrosoft.SkypeApp |
| Skype 视频Skype Video | 27e26f40-e031-48a6-b130-d1f20388991a27e26f40-e031-48a6-b130-d1f20388991a | Microsoft.MessagingMicrosoft.Messaging |
| 体育Sports | 0f4c8c7e-7114-4e1e-a84c-50664db13b170f4c8c7e-7114-4e1e-a84c-50664db13b17 | Microsoft.BingSportsMicrosoft.BingSports |
| SSMHostSSMHost | e232aa77-2b6d-442c-b0c3-f3bb9788af2ae232aa77-2b6d-442c-b0c3-f3bb9788af2a | |
| “开始”菜单Start | 5b04b775-356b-4aa0-aaf8-6491ffea56025b04b775-356b-4aa0-aaf8-6491ffea5602 | 5b04b775-356b-4aa0-aaf8-6491ffea56025b04b775-356b-4aa0-aaf8-6491ffea5602 |
| 存储Storage | 5b04b775-356b-4aa0-aaf8-6491ffea564d5b04b775-356b-4aa0-aaf8-6491ffea564d | 5b04b775-356b-4aa0-aaf8-6491ffea564d5b04b775-356b-4aa0-aaf8-6491ffea564d |
| 应用商店Store | 7d47d89a-7900-47c5-93f2-46eb6d94c1597d47d89a-7900-47c5-93f2-46eb6d94c159 | Microsoft.WindowsStoreMicrosoft.WindowsStore |
| 触摸 (手势和触摸) Touch (gestures and touch) | bbc57c87-46af-4c2c-824e-ac8104cceb38bbc57c87-46af-4c2c-824e-ac8104cceb38 | |
| 语音录音机Voice recorder | 7311b9c5-a4e9-4c74-bc3c-55b06ba95ad07311b9c5-a4e9-4c74-bc3c-55b06ba95ad0 | Microsoft.WindowsSoundRecorderMicrosoft.WindowsSoundRecorder |
| 电子钱包Wallet | 587a4577-7868-4745-a29e-f996203f1462587a4577-7868-4745-a29e-f996203f1462 | Microsoft.MicrosoftWalletMicrosoft.MicrosoftWallet |
| 电子钱包Wallet | 12ae577e-f8d1-4197-a207-4d24c309ff8f12ae577e-f8d1-4197-a207-4d24c309ff8f | Microsoft.WalletMicrosoft.Wallet |
| 天气Weather | 63c2a117-8604-44e7-8cef-df10be3a57c863c2a117-8604-44e7-8cef-df10be3a57c8 | Microsoft.BingWeatherMicrosoft.BingWeather |
| Windows 默认锁屏界面Windows default lock screen | cdd63e31-9307-4ccb-ab62-1ffa5721b503cdd63e31-9307-4ccb-ab62-1ffa5721b503 | |
| Windows 反馈Windows Feedback | 7604089d-d13f-4a2d-9998-33fc02b63ce37604089d-d13f-4a2d-9998-33fc02b63ce3 | Microsoft.WindowsFeedbackMicrosoft.WindowsFeedback |
| 文字Word | 258f115c-48f4-4adb-9a68-1387e634459b258f115c-48f4-4adb-9a68-1387e634459b | Microsoft.Office.WordMicrosoft.Office.Word |
| 工作或学校帐户Work or school account | e5f8b2c4-75ae-45ee-9be8-212e34f77747e5f8b2c4-75ae-45ee-9be8-212e34f77747 | Microsoft.AAD.BrokerPluginMicrosoft.AAD.BrokerPlugin |
| XboxXbox | b806836f-eebe-41c9-8669-19e243b81b83b806836f-eebe-41c9-8669-19e243b81b83 | Microsoft.XboxAppMicrosoft.XboxApp |
| Xbox 标识提供程序Xbox identity provider | ba88225b-059a-45a2-a8eb-d3580283e49dba88225b-059a-45a2-a8eb-d3580283e49d | Microsoft.XboxIdentityProviderMicrosoft.XboxIdentityProvider |
允许列表示例Allow list examples
以下示例禁用日历应用程序。The following example disables the calendar application.
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data><AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy"><Deny><App ProductId="{a558feba-85d7-4665-b5d8-a2ff9c19799b}"/></Deny></AppPolicy>
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
以下示例阻止使用地图应用程序。The following example blocks the usage of the map application.
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/AppLockerPhoneGroup0/StoreApps/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed Appx packages" Description="Allows members of the Everyone group to run Appx packages that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Deny Splash appmaps" Description="Deny members of the local Administrators group to run maps." UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" />
</Conditions>
</FilePublisherRule>
</RuleCollection>
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
以下示例禁用混合现实门户。The following example disables the Mixed Reality Portal. 在示例中 ,Id可以是任何生成的 GUID,Name**** 可以是你选择的任何名称。In the example, the Id can be any generated GUID and the Name can be any name you choose. 请注意,BinaryName="*" 允许你阻止混合现实门户包中的任何可执行应用。Note that BinaryName="*" allows you to block any app executable in the Mixed Reality Portal package. 本示例中所示的 Binary/VersionRange 将阻止所有版本的混合现实门户应用。Binary/VersionRange, as shown in the example, will block all versions of the Mixed Reality Portal app.
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
<Type xmlns="syncml:metinf">text/plain</Type>
</Meta>
<Data>
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>>
</Data>
</Item>
</Add>
<Final/>
</SyncBody>
</SyncML>
Windows 10 移动版以下示例拒绝所有应用并允许以下应用:The following example for Windows 10 Mobile denies all apps and allows the following apps:
- 依赖于初始应用的设置应用settings app that rely on splash apps
- 大多数收件箱 应用,但不是全部。most of the inbox apps, but not all.
本示例中 ,MobileGroup0 是节点名称。In this example, MobileGroup0 is the node name. 我们建议对此节点使用 GUID。We recommend using a GUID for this node.
<?xml version="1.0" encoding="utf-8"?>
<SyncML>
<SyncBody>
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0</LocURI>
</Target>
</Item>
</Add>
<Add>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0/StoreApps</LocURI>
</Target>
</Item>
</Add>
<Replace>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0/StoreApps/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="172B8ACE-AAF5-41FA-941A-93AEE126B4A9" Name="Default Rule to Deny ALL" Description="Deny all publisher" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="CN=*" ProductName="*" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="DDCD112F-E003-4874-8B3E-14CB23851D54" Name="Whitelist Settings splash app" Description="Allow Admins to run Settings." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="2A4E62D8-8809-4787-89F8-69D0F01654FB" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="757D94A8-C752-4013-9896-D46EF10925E9" Name="Whitelist Settings WorkOrSchool" Description="Allow Admins to run WorkOrSchool" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA562A" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="473BCE1A-94D2-4AE1-8CB1-064B0677CACB" Name="Whitelist WorkPlace AAD BrokerPlugin" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AAD.BrokerPlugin" BinaryName="*" >
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E13EA64B-B0D3-4257-87F4-1B522D06EA03" Name="Whitelist Start" Description="Allow Admins to run Start." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5602" BinaryName="*" >
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="2898C4B2-4B37-4BFF-8F7B-16B377EDEA88" Name="Whitelist SettingsPageKeyboard" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5608" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="15BBA04F-3989-4FF7-9FEF-83C4DFDABA27" Name="Whitelist SettingsPageTimeRegion" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea560c" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="C3735CB1-060D-4D40-9708-6D33B98A7A2D" Name="Whitelist SettingsPagePCSystemBluetooth" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5620" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="AFACF5A3-2974-41EE-A31A-1486F593C145" Name="Whitelist SettingsPageNetworkAirplaneMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5621" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7B02A339-9E77-4694-AF86-119265138129" Name="Whitelist SettingsPageNetworkWiFi" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5623" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="F912172F-9D83-46F5-8D6C-BA7AB17063BE" Name="Whitelist SettingsPageNetworkInternetSharing" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5629" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="67AE8001-4E49-442A-AD72-F837129ABF63" Name="Whitelist SettingsPageRestoreUpdate" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5640" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7B65BCB2-4B1D-42B6-921B-B87F1474BDC5" Name="Whitelist SettingsPageKidsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5802" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="3964A53B-E131-4ED6-88DA-71FBDBE4E232" Name="Whitelist SettingsPageDrivingMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5804" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="99C4CD58-51A2-429A-B479-976ADB4EA757" Name="Whitelist SettingsPageTimeLanguage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5808" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="EBA3BCBE-4651-48CE-8F94-C5AC5D8F72FB" Name="Whitelist SettingsPageAppsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea580a" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E16EABCC-46E7-4AB3-9F48-67FFF941BBDC" Name="Whitelist SettingsPagePhoneNfc" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="b0894dfd-4671-4bb9-bc17-a8b39947ffb6" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*"/>
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="1F4C3904-9976-4FEE-A492-5708F14EABA5" Name="Whitelist MSA Cloud Experience Host" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CloudExperienceHost" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="AA741A28-7C02-49A5-AA5C-35D53FB8A9DC" Name="Whitelist Email and Accounts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AccountsControl" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="863BE063-D134-4C5C-9825-9DF9A86B6B56" Name="Whitelist Calculator" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCalculator" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="1DA2F479-3D1D-4425-9FFA-D4E6908F945A" Name="Whitelist Alarms and Clock" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsAlarms" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="18E12372-21C6-4DA5-970E-0A58739D7151" Name="Whitelist People" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.People" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="FD686D83-A829-4351-8FF4-27C7DE5755D2" Name="Whitelist Camera" Description="Allow Admins to run camera." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCamera" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="16875F70-1778-43CC-96BB-783C9A8E53D5" Name="Whitelist WindowsMaps" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="D21D6F9D-CFF6-4AD1-867A-2411CE6A388D" Name="Whitelist FileExplorer" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="c5e2524a-ea46-4f67-841f-6a9465d9d515" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="450B6D7E-1738-41C9-9241-466C3FA4AB0C" Name="Whitelist FM Radio" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="F725010E-455D-4C09-AC48-BCDEF0D4B626" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="37F4272C-F4A0-4AB8-9B5F-C9194A0EC6F3" Name="Whitelist Microsoft Edge" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftEdge" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="253D3AEA-36C0-4877-B932-9E9C9493F3F3" Name="Whitelist Movies" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneVideo" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="9A73E081-01D1-4BFD-ADF4-5C29AD4031F7" Name="Whitelist Money" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingFinance" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="EE4BF66C-EBF0-4565-982C-922FFDCB2E6D" Name="Whitelist News" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingNews" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="D78E6A9D-10F8-4C23-B620-40B01B60E5EA" Name="Whitelist Onedrive" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="AD543082-80EC-45BB-AA02-FFE7F4182BA8" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="0012F35E-C242-47FF-A573-3DA06AF7E43C" Name="Whitelist Onedrive APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftSkydrive" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="178B0D68-3498-40CE-A0C3-295C6B3DA169" Name="Whitelist OneNote" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.OneNote" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="673914E4-D73A-405D-8DCF-173E36EA6722" Name="Whitelist GetStarted" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Getstarted" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="4546BD28-69B6-4175-A44C-33197D48F658" Name="Whitelist Outlook Calendar" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7B843572-E1AD-45E6-A1F2-C551C70E4A34" Name="Whitelist Outlook Mail" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E5A1CD1A-8C23-41E4-AACF-BF82FCE775A5" Name="Whitelist Photos" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Photos" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="0A194DD1-B25B-4512-8AFC-6F560D0EC205" Name="Whitelist PodCasts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSPodcast" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="F5D27860-0238-4D1A-8011-9B8B263C3A33" Name="Whitelist SkypeApp" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="Microsoft.SkypeApp" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="B8BBC965-EC6D-4C16-AC68-C5F0090CB703" Name="Whitelist Store" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsStore" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="6031E1E7-A659-4B3D-87FB-3CB4C900F9D2" Name="Whitelist Sports" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingSports" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="A6D61B56-7CF7-4E95-953C-3A5913309B4E" Name="Whitelist Wallet" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftWallet" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="A2C44744-0627-4A52-937E-E3EC1ED476E0" Name="Whitelist Weather" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingWeather" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="D79978B4-EFAE-4458-8FE1-0F13B5CE6764" Name="Whitelist Xbox" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxApp" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="395713B9-DD39-4741-8AB3-63D0A0DCA2B0" Name="Whitelist Xbox Identity Provider" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxIdentityProvider" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7565A8BB-D50B-4237-A9E9-B0997B36BDF9" Name="Whitelist Voice recorder" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsSoundRecorder" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="409A286E-8C3D-48AB-9D7C-3225A48B30C9" Name="Whitelist Word" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Word" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="F72A5DA6-CA6A-4E7F-A350-AC9FACAB47DB" Name="Whitelist Excel" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Excel" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="169B3498-2A73-4D5C-8AFB-A0DE2908A07D" Name="Whitelist PowerPoint" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.PowerPoint" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="A483B662-3538-4D70-98A7-1312D51A0DB9" Name="Whitelist Contact Support" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Windows.ContactSupport" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="EAB1CEDC-DD8A-4311-9146-27A3C689DEAF" Name="Whitelist Cortana" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Cortana" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="01CD8E68-666B-4DE6-8849-7CE4F0C37CA8" Name="Whitelist Storage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA564D" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="15D9AD89-58BC-458E-9B96-3A18DA63AC3E" Name="Whitelist Groove Music" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneMusic" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E2B71B03-D759-4AE2-8526-E1A0CE2801DE" Name="Whitelist Windows Feedback" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsFeedback" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E7A30489-A20B-44C3-91A8-19D9F61A8B5B" Name="Whitelist Messaging and Messaging Video" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Messaging" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="D2A16D0C-8CC0-4C3A-9FB5-C1DB1B380CED" Name="Whitelist Phone splash" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5611" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="2A355478-7449-43CB-908A-A378AA59FBB9" Name="Whitelist Phone APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CommsPhone" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="89441630-7F1C-439B-8FFD-0BEEFF400C9B" Name="Whitelist Connect APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.DevicesFlow" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E8AF01B5-7039-44F4-8072-6A6CC71EDF2E" Name="Whitelist Miracast APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="906BEEDA-B7E6-4DDC-BA8D-AD5031223EF9" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="DA02425B-0291-4A10-BE7E-B9C7922F4EDF" Name="Whitelist Print Dialog APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.PrintDialog" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="42919A05-347B-4A5F-ACB2-73710A2E6203" Name="Whitelist Block and Filter APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BlockandFilterglobal" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="6F3D8885-C15E-4D7E-8E1F-F2A560C08F9E" Name="Whitelist MSFacebook" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSFacebook" BinaryName="*" />
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="5168A5C3-5DC9-46C1-87C0-65A9DE1B4D18" Name="Whitelist Advanced Info" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*" ProductName="B6E3E590-9FA5-40C0-86AC-EF475DE98E88" BinaryName="*" />
</Conditions>
</FilePublisherRule>
</RuleCollection>
</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
Windows 10 Holographic for Business 示例Example for Windows 10 Holographic for Business
Windows 10 全息版以下示例拒绝所有应用,并允许启用最小收件箱应用集以启用工作设备以及"设置"。The following example for Windows 10 Holographic for Business denies all apps and allows the minimum set of inbox apps to enable to enable a working device, as well as Settings.
<RuleCollection Type="Appx" EnforcementMode="Enabled">
<FilePublisherRule Id="96B82A15-F841-499a-B674-963DC647762F"
Name="Whitelist BackgroundTaskHost"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="*"
BinaryName="BackgroundTaskHost*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="8D345CB2-AC5B-4b6b-8F0B-DCE3F6FB9259"
Name="Whitelist CertInstaller"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="*"
ProductName="4c4ad968-7100-49de-8cd1-402e198d869e"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="9F07FB38-B952-4f3c-A17A-CE7EC8132987"
Name="Whitelist MigrationUI"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="MigrationUIApp"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="1C32E96F-2F44-4317-9D98-2F624147D7AE"
Name="Whitelist CredDiagHost"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.CredDialogHost"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="53DCC751-E92A-4d0a-84DF-E6EAC2A7C7CE"
Name="Whitelist Settings"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="SystemSettings"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="70D9E233-81F4-4707-B79D-58F9C3A6BFB1"
Name="Whitelist HoloShell"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="HoloShell"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="6557A9BC-BA1F-4b7d-90FD-8C620CA81906"
Name="Whitelist MSA"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.Windows.CloudExperienceHost"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="81CD98A6-82EC-443f-87F8-039B00DFBE78"
Name="Whitelist BrokerPlugin"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.AAD.BrokerPlugin"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="1330E03E-7D43-4e01-9853-40ED8CF62D10"
Name="Whitelist SignIn1"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBridgeInternetSso"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="107EC30A-2CEF-4ec1-B556-F7DAA7DF7998"
Name="Whitelist SignIn2"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBridgeInternet"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="F806AC17-3E31-4a83-92EB-6A34696478D1"
Name="Whitelist SignIn3"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBridgeIntranetSso"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="E8CAF694-2256-4516-BDCC-CDABF218573C"
Name="Whitelist SignIn4"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBrokerInternetSso"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="5918428D-B9A8-4810-8FB4-25AE5A25D5A7"
Name="Whitelist SignIn5"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBrokerInternet"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="C90D99E3-C3EE-47c5-B181-7E8C54FA66B3"
Name="Whitelist SignIn6"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="WebAuthBrokerIntranetSso"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="9CD87A91-FB48-480d-B788-3770A950CD03"
Name="Whitelist SignIn7"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="SignIn"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="DCF74448-C287-4195-9072-8F3649AB9305"
Name="Whitelist Cortana"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.Windows.Cortana"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="BE4FD0C4-527B-45a3-A5B8-F4EA00584779"
Name="Whitelist Cortana ListenUI"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="CortanaListenUI"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="336509A7-FFBA-48cb-81BD-8DF9060B3CF8"
Name="Whitelist Email and accounts"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="Microsoft.AccountsControl"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="55912F15-0B94-445b-80E1-83BC8F0E8999"
Name="Whitelist Device Portal PIN UX"
Description=""
UserOrGroupSid="S-1-1-0"
Action="Allow">
<Conditions>
<FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
ProductName="holopairingapp"
BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
</RuleCollection>
Windows 信息保护的建议拒绝列表Recommended deny list for Windows Information Protection
Windows 10 版本 1607 的以下示例拒绝已知的非轻型 Microsoft 应用作为允许的应用访问企业数据。The following example for Windows 10, version 1607 denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. (管理员可能仍改为使用豁免规则。) 这可确保管理员不会意外允许这些应用使用 Windows 信息保护,并避免与使用这些应用程序自动进行文件加密相关的已知兼容性问题。(An administrator might still use an exempt rule, instead.) This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.
本示例中,Contoso 是节点名称。In this example, Contoso is the node name. 我们建议对此节点使用 GUID。We recommend using a GUID for this node.
<?xml version="1.0" encoding="utf-8"?>
<SyncML>
<SyncBody>
<Add>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso</LocURI>
</Target>
</Item>
</Add>
<Add>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso/EXE</LocURI>
</Target>
</Item>
</Add>
<Replace>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso/EXE/Policy</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">chr</Format>
</Meta>
<Data>
<RuleCollection Type="Exe" EnforcementMode="Enabled">
<FilePublisherRule Id="b005eade-a5ee-4f5a-be45-d08fa557a4b2" Name="MICROSOFT OFFICE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="EXCEL.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="LYNC.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="LYNC99.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="MSOSYNC.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="OCPUBMGR.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="POWERPNT.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="UCMAPI.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="WINWORD.EXE">
<BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
<FilePublisherRule Id="de9f3461-6856-405d-9624-a80ca701f6cb" Name="MICROSOFT OFFICE 2003, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2003" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="ade1b828-7055-47fc-99bc-432cf7d1209e" Name="2007 MICROSOFT OFFICE SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="2007 MICROSOFT OFFICE SYSTEM" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="f6a075b5-a5b5-4654-abd6-731dacb40d95" Name="MICROSOFT OFFICE ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE ONENOTE" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="0ec03b2f-e9a4-4743-ae60-6d29886cf6ae" Name="MICROSOFT OFFICE OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="7b272efd-4105-4fb7-9d40-bfa597c6792a" Name="MICROSOFT OFFICE 2013, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2013" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
</FilePublisherRule>
<FilePublisherRule Id="89d8a4d3-f9e3-423a-92ae-86e7333e2662" Name="MICROSOFT ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="ONENOTE.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
<FilePublisherRule Id="5a2138bd-8042-4ec5-95b4-f990666fbf61" Name="MICROSOFT OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="OUTLOOK.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
<FilePublisherRule Id="3fc5f9c5-f180-435b-838f-2960106a3860" Name="MICROSOFT ONEDRIVE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="ONEDRIVE.EXE">
<BinaryVersionRange LowSection="17.3.6386.0412" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
<FilePublisherRule Id="17d988ef-073e-4d92-b4bf-f477b2ecccb5" Name="MICROSOFT OFFICE 2016, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
<Conditions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="*">
<BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>
</Conditions>
<Exceptions>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC99.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="UCMAPI.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="OCPUBMGR.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="WINWORD.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="EXCEL.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="POWERPNT.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
<FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="MSOSYNC.EXE">
<BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
</FilePublisherCondition>
</Exceptions>
</FilePublisherRule>
</RuleCollection>
</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>