AppLocker 云解决方案提供商AppLocker CSP

AppLocker 配置服务提供程序用于指定允许或禁止哪些应用程序。The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. 对于被阻止的应用,没有显示用户界面。There is no user interface shown for apps that are blocked.

下面以树格式显示 AppLocker 配置服务提供程序。The following shows the AppLocker configuration service provider in tree format.

./Vendor/MSFT
AppLocker
----ApplicationLaunchRestrictions
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------MSI
----------------Policy
----------------EnforcementMode
------------Script
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
------------DLL
----------------Policy
----------------EnforcementMode
----------------NonInteractiveProcessEnforcement
------------CodeIntegrity
----------------Policy
----EnterpriseDataProtection
--------Grouping
------------EXE
----------------Policy
------------StoreApps
----------------Policy
----LaunchControl
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode
----FamilySafety
--------Grouping
------------EXE
----------------Policy
----------------EnforcementMode
------------StoreApps
----------------Policy
----------------EnforcementMode

./Vendor/MSFT/AppLocker./Vendor/MSFT/AppLocker
定义 AppLocker 配置服务提供程序的根节点。Defines the root node for the AppLocker configuration service provider.

AppLocker/ApplicationLaunchRestrictionsAppLocker/ApplicationLaunchRestrictions
定义应用程序的限制。Defines restrictions for applications.

备注

创建允许的应用列表时,所有 收件箱 应用也会被阻止,并且你必须将它们包括在允许的应用列表中。When you create a list of allowed apps, all inbox apps are also blocked, and you must include them in your list of allowed apps. 不要忘记添加适用于电话、消息、设置、开始、电子邮件和帐户、工作和学校以及你需要的其他应用的收件箱应用。Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need.

在 Windows 10 移动版中,当你创建允许的应用列表时,依赖初始应用的 设置应用将被 阻止。In Windows 10 Mobile, when you create a list of allowed apps, the settings app that rely on splash apps are blocked. 若要取消阻止这些应用,你必须将它们包括在允许的应用列表中。To unblock these apps, you must include them in your list of allowed apps.

除非在注册中分组值是唯一的,否则无法正确支持删除/注销。Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. 如果多个注册使用相同的 Grouping 值,则注销将不会按预期工作,因为资源管理器会删除重复的 URI。If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. 为了防止此问题,分组值应包含一些随机性。To prevent this problem, the Grouping value should include some randomness. 最佳做法是使用随机生成的 GUID。The best practice is to use a randomly generated GUID. 但是,对节点的确切值没有要求。However, there is no requirement on the exact value of the node.

备注

应用策略或使用 AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI 执行删除时,AppLocker CSP 将计划重启。The AppLocker CSP will schedule a reboot when a policy is applied or a deletion occurs using the AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI.

其他信息:Additional information:

AppLocker/ApplicationLaunchRestrictions/GroupingAppLocker/ApplicationLaunchRestrictions/Grouping
分组节点是动态节点,对于给定注册或给定上下文节点, (数量可能) 。Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). 实际标识符由管理终结点选择,其工作是确定其用途,并且不会与它们定义的其他标识符发生冲突。The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define. 不同的注册和上下文可能使用相同的颁发机构标识符,即使许多此类标识符同时处于活动状态。Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/EXEAppLocker/ApplicationLaunchRestrictions/Grouping/EXE
定义启动可执行应用程序的限制。Defines restrictions for launching executable applications.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/EXE/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/EXE/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

数据类型为 string。Data type is string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/EXE/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/EXE/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).

数据类型为字符串。The data type is a string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/EXE/NonInteractiveProcessEnforcementAppLocker/ApplicationLaunchRestrictions/Grouping/EXE/NonInteractiveProcessEnforcement
数据类型为字符串。The data type is a string.

支持的操作包括 Add、Delete、Get 和 Replace。Supported operations are Add, Delete, Get, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/MSIAppLocker/ApplicationLaunchRestrictions/Grouping/MSI
定义执行 Windows Installer 文件的限制。Defines restrictions for executing Windows Installer files.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/MSI/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/MSI/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

数据类型为 string。Data type is string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/MSI/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/MSI/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).

数据类型为字符串。The data type is a string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/ScriptAppLocker/ApplicationLaunchRestrictions/Grouping/Script
定义运行脚本的限制。Defines restrictions for running scripts.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/Script/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/Script/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

数据类型为 string。Data type is string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/Script/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/Script/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).

数据类型为字符串。The data type is a string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/StoreAppsAppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps
定义从 Microsoft Store 运行应用的限制。Defines restrictions for running apps from the Microsoft Store.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

数据类型为 string。Data type is string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/StoreApps/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).

数据类型为字符串。The data type is a string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/DLLAppLocker/ApplicationLaunchRestrictions/Grouping/DLL
定义处理 DLL 文件的限制。Defines restrictions for processing DLL files.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/DLL/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/DLL/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

数据类型为 string。Data type is string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/DLL/EnforcementModeAppLocker/ApplicationLaunchRestrictions/Grouping/DLL/EnforcementMode
Windows 信息保护的 EnforcementMode 节点 (以前称为企业数据保护) EnterpriseDataProtection 的行为。The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. 策略 CSP 中的 EDPEnforcementLevel 应该用于启用和禁用 Windows 信息保护 (以前称为企业数据保护) 。The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).

数据类型为字符串。The data type is a string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/DLL/NonInteractiveProcessEnforcementAppLocker/ApplicationLaunchRestrictions/Grouping/DLL/NonInteractiveProcessEnforcement
数据类型为字符串。The data type is a string.

支持的操作包括 Add、Delete、Get 和 Replace。Supported operations are Add, Delete, Get, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrityAppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity
此节点仅在桌面上受支持。This node is only supported on the desktop.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/PolicyAppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

数据类型为 Base64。Data type is Base64.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

备注

若要使用代码完整性策略,首先需要使用 ConvertFrom-CIPolicy cmdlet 将策略转换为二进制格式。To use Code Integrity Policy, you first need to convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet. 然后,应创建二进制策略表示的 Base64 编码 blob (例如,使用 certutil -encode 命令行工具) 并添加到 Applocker-CSP。Then a Base64-encoded blob of the binary policy representation should be created (for example, using the certutil -encode command line tool) and added to the Applocker-CSP.

AppLocker/EnterpriseDataProtectionAppLocker/EnterpriseDataProtection
捕获允许处理企业数据的应用列表。Captures the list of apps that are allowed to handle enterprise data. 应该与 EnterpriseDataProtection CSP 中的 ./Device/Vendor/MSFT/EnterpriseDataProtection 中的设置结合使用Should be used in conjunction with the settings in ./Device/Vendor/MSFT/EnterpriseDataProtection in EnterpriseDataProtection CSP.

在 Windows 10 版本 1607 中,Windows 信息保护具有允许和免除应用程序的概念。In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. 允许的应用程序可以访问企业数据,并且这些应用程序处理的数据受加密保护。Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. 豁免应用程序还可以访问企业数据,但由这些应用程序处理的数据不受保护。Exempt applications can also access enterprise data, but the data handled by those applications are not protected. 这是因为某些关键的企业应用程序可能遇到加密数据的兼容性问题。This is because some critical enterprise applications may have compatibility problems with encrypted data.

可以使用以下 URI 设置允许列表:You can set the allowed list using the following URI:

  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/EXE/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/EXE/Policy
  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/StoreApps/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/StoreApps/Policy

可以使用以下 URI 设置豁免列表。You can set the exempt list using the following URI. _分组字符串必须在_任意位置包含关键字"EdpExempt",以帮助区分豁免列表和允许列表。The Grouping string must contain the keyword "EdpExempt" anywhere to help distinguish the exempt list from the allowed list. "EdpExempt"关键字也以不区分大小写的方式进行评估:The "EdpExempt" keyword is also evaluated in a case-insensitive manner:

  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/EXE/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/EXE/Policy
  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/StoreApps/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/StoreApps/Policy

豁免示例:Exempt examples:

  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/ContosoEdpExempt/EXE/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/ContosoEdpExempt/EXE/Policy
  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/xxxxxEdpExemptxxxxx/EXE/Policy./Vendor/MSFT/AppLocker/EnterpriseDataProtection/xxxxxEdpExemptxxxxx/EXE/Policy

其他信息:Additional information:

  • Windows 信息保护的建议 拒绝列表 - 例如,Windows 10 版本 1607 拒绝已知的非轻型 Microsoft 应用作为允许的应用访问企业数据。Recommended deny list for Windows Information Protection - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. 这可确保管理员不会意外允许这些应用使用 Windows 信息保护,并避免与使用这些应用程序的自动文件加密相关的已知兼容性问题。This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.

AppLocker/EnterpriseDataProtection/GroupingAppLocker/EnterpriseDataProtection/Grouping
分组节点是动态节点,对于给定注册或给定上下文节点, (数量可能) 。Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). 实际标识符由管理终结点选择,其工作是确定其用途,并且不会与它们定义的其他标识符发生冲突。The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define. 不同的注册和上下文可能使用相同的颁发机构标识符,即使许多此类标识符同时处于活动状态。Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/EnterpriseDataProtection/Grouping/EXEAppLocker/EnterpriseDataProtection/Grouping/EXE
定义启动可执行应用程序的限制。Defines restrictions for launching executable applications.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/EnterpriseDataProtection/Grouping/EXE/PolicyAppLocker/EnterpriseDataProtection/Grouping/EXE/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

数据类型为 string。Data type is string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/EnterpriseDataProtection/Grouping/StoreAppsAppLocker/EnterpriseDataProtection/Grouping/StoreApps
定义从 Microsoft Store 运行应用的限制。Defines restrictions for running apps from the Microsoft Store.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

AppLocker/EnterpriseDataProtection/Grouping/StoreApps/PolicyAppLocker/EnterpriseDataProtection/Grouping/StoreApps/Policy
策略节点定义用于启动可执行文件、Windows Installer 文件、脚本、存储应用和 DLL 文件的策略。Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. 给定 Policy 节点的内容正好是相应 AppLocker XML 策略中 RuleCollection 节点的 XML 格式。The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

数据类型为 string。Data type is string.

支持的操作包括 Get、Add、Delete 和 Replace。Supported operations are Get, Add, Delete, and Replace.

查找应用的发布者和产品名称Find publisher and product name of apps

你可以将 Windows Phone (Windows 10 移动版版本 1511) 与桌面配对,使用手机上的 Device Portal 获取各种类型的信息,包括手机上安装的应用的发布者名称和产品名称。You can pair a Windows Phone (Windows 10 Mobile, version 1511) to your desktop using the Device Portal on the phone to get the various types of information, including publisher name and product name of apps installed on the phone. 此过程描述使用 WiFi 将手机配对到桌面。This procedure describes pairing your phone to your desktop using WiFi.

如果此过程不起作用,请尝试 Device Portal for Mobile 中所述的其他 配对方法If this procedure does not work for you, try the other methods for pairing described in Device Portal for Mobile.

查找安装在 Windows 10 移动版上的应用的 Publisher 和 PackageFullNameTo find Publisher and PackageFullName for apps installed on Windows 10 Mobile

  1. 在 Windows Phone 上,转到"设置 "。On your Windows Phone, go to Settings. 选择 "更新&安全"。Choose Update & security. 然后选择"针对开发人员"。Then choose For developers.

  2. 选择 "开发人员模式"。Choose Developer mode.

  3. 打开设备 发现Turn on Device discovery.

  4. 打开Device Portal 并保留AuthenticationOn。Turn on Device Portal and keep AuthenticationOn.

  5. Device Portal 下的Connect using: WiFi下,将 URL 复制到桌面浏览器以使用 WiFi 进行连接。Under the Device Portal, under Connect using: WiFi, copy the URL to your desktop browser to connect using WiFi.

    如果收到证书错误,请继续浏览网页。If you get a certificate error, continue to the web page.

    如果收到有关未访问网页的错误,则应该尝试 Device Portal for Mobile 中所述的其他 配对方法If you get an error about not reaching the web page, then you should try the other methods for pairing described in Device Portal for Mobile.

  6. 在手机上的"设备发现"下, 点击"配对"。On your phone under Device discovery, tap Pair. 你将获取一个代码 (区分大小写) 。You will get a code (case sensitive).

  7. 在浏览器的"设置访问"页上,将区分大小写 (代码输入) ,然后单击"提交 "。On the browser on the Set up access page, enter the code (case sensitive) into the text box and click Submit.

    "Device Portal" 页将在您的浏览器上打开。The Device Portal page opens on your browser.

    设备门户屏幕截图

  8. 在桌面 Device Portal 页面上 ,单击 应用 以打开 应用管理器On the desktop Device Portal page, click Apps to open the App Manager.

  9. 在"应用管理器" 页面"运行应用"下,你将看到应用的 PublisherPackageFullName。On the App Manager page under Running apps, you will see the Publisher and PackageFullName of apps.

    设备门户应用管理器

  10. 如果看不到想要的应用,请参阅已安装的应用 If you do not see the app that you want, look under Installed apps. 使用下拉菜单,单击应用程序,然后显示版本、发布者和 PackageFullName。Using the drop down menu, click on the application and you get the Version, Publisher, and PackageFullName displayed.

    应用管理器

下表显示了信息到 AppLocker 发布者规则字段的映射。The following table show the mapping of information to the AppLocker publisher rule field.

设备门户数据Device portal data AppLocker 发布者规则字段AppLocker publisher rule field

PackageFullNamePackageFullName

ProductNameProductName

产品名称是 PackageFullName 的第一部分,后跟版本号。The product name is first part of the PackageFullName followed by the version number. 在 Windows 相机示例中,ProductName 为 Microsoft.WindowsCamera。In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.

发布者Publisher

发布者Publisher

版本Version

版本Version

这可以在 BinaryVersionRange 的 HighSection 或 LowSection 中使用。This can be used either in the HighSection or LowSection of the BinaryVersionRange.

HighSection 定义最高版本号,LowSection 定义应信任的最低版本号。HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. 可以使用这两个版本的通配符使规则与版本无关。You can use a wildcard for both versions to make a version independent rule. 将通配符用于其中一个值将提供高于或低于特定版本语义。Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.

下面是 AppLocker 发布者规则的示例:Here is an example AppLocker publisher rule:

<FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Reader" BinaryName="*">
  <BinaryVersionRange LowSection="*" HighSection="*" />
</FilePublisherCondition>

可以使用 Web API 获取应用的发布者名称和产品名称。You can get the publisher name and product name of apps using a web API.

在适用于企业 Microsoft Store 中查找 Microsoft 应用的发布者和产品名称To find publisher and product name for Microsoft apps in Microsoft Store for Business

  1. 转到适用于企业的 Microsoft Store 网站,然后查找你的应用。Go to the Microsoft Store for Business website, and find your app. 例如,Microsoft OneNote。For example, Microsoft OneNote.

  2. 从应用 URL 中复制 ID 值。Copy the ID value from the app URL. 例如,Microsoft OneNote 的 ID URL 是 ,你要复制 https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl ID 值 9wzdncrfhvjlFor example, Microsoft OneNote's ID URL is https://www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, 9wzdncrfhvjl.

  3. 在浏览器中,运行适用于企业应用商店门户 Web API,以返回包含发布者和产品名称值的 JavaScript (JSON) 文件。In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values.

    请求 URIRequest URI

    https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata

下面是 Microsoft OneNote 的示例:Here is the example for Microsoft OneNote:

请求Request

https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata

结果Result

{
  "packageFamilyName": "Microsoft.Office.OneNote_8wekyb3d8bbwe",
  "packageIdentityName": "Microsoft.Office.OneNote",
  "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
  "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
}
结果数据Result data AppLocker 发布者规则字段AppLocker publisher rule field

packageIdentityNamepackageIdentityName

ProductNameProductName

publisherCertificateNamepublisherCertificateName

发布者Publisher

windowsPhoneLegacyIdwindowsPhoneLegacyId

相同的值映射到 ProductName 和 Publisher 名称Same value maps to the ProductName and Publisher name

只有当存在与应用商店中的应用关联的 XAP 程序包时,此值才存在。This value will only be present if there is a XAP package associated with the app in the Store.

如果填充了此值,那么涵盖 AppX 和 XAP 程序包的简单操作就是为应用创建两个规则。If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. AppX 的一个规则使用 packageIdentityName 和 publisherCertificateName 值,另一个规则使用 windowsPhoneLegacyId 值。One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.

依赖于初始应用的设置应用Settings apps that rely on splash apps

在 Windows 10 移动版中创建允许的应用列表时,还必须在允许的应用列表中包含依赖于初始应用的"设置"应用的子集。When you create a list of allowed apps in Windows 10 Mobile, you must also include the subset of Settings apps that rely on splash apps in your list of allowed apps. 除非这些应用显式添加到允许的应用列表中,否则将阻止这些应用。These apps are blocked unless they are explicitly added to the list of allowed apps. 下表显示了依赖于初始应用的"设置"应用的子集。The following table shows the subset of Settings apps that rely on splash apps .

产品名称是 PackageFullName 的第一部分,后跟版本号。The product name is first part of the PackageFullName followed by the version number.

设置应用名称Settings app name PackageFullName 或产品名称PackageFullName or Product name ProductIDProductID
工作或学校帐户Work or school account Microsoft.AAD.BrokerPluginMicrosoft.AAD.BrokerPlugin e5f8b2c4-75ae-45ee-9be8-212e34f77747e5f8b2c4-75ae-45ee-9be8-212e34f77747
电子邮件和帐户Email and accounts Microsoft.AccountsControlMicrosoft.AccountsControl 39cf127b-8c67-c149-539a-c02271d0706039cf127b-8c67-c149-539a-c02271d07060
SettingsPageKeyboardSettingsPageKeyboard 5b04b775-356b-4aa0-aaf8-6491ffea5608_1.1.0.0_neutral__cw8ffb7c56vgc5b04b775-356b-4aa0-aaf8-6491ffea5608_1.1.0.0_neutral__cw8ffb7c56vgc 5b04b775-356b-4aa0-aaf8-6491ffea56085b04b775-356b-4aa0-aaf8-6491ffea5608
SettingsPageTimeRegionSettingsPageTimeRegion 5b04b775-356b-4aa0-aaf8-6491ffea560c_1.0.0.0_neutral__gqhq4qhgje4fw5b04b775-356b-4aa0-aaf8-6491ffea560c_1.0.0.0_neutral__gqhq4qhgje4fw 5b04b775-356b-4aa0-aaf8-6491ffea560c5b04b775-356b-4aa0-aaf8-6491ffea560c
SettingsPagePCSystemBluetoothSettingsPagePCSystemBluetooth 5b04b775-356b-4aa0-aaf8-6491ffea5620_1.0.0.0_neutral__nvaj48k0z8te85b04b775-356b-4aa0-aaf8-6491ffea5620_1.0.0.0_neutral__nvaj48k0z8te8 5b04b775-356b-4aa0-aaf8-6491ffea56205b04b775-356b-4aa0-aaf8-6491ffea5620
SettingsPageNetworkAirplaneModeSettingsPageNetworkAirplaneMode 5b04b775-356b-4aa0-aaf8-6491ffea5621_1.0.0.0_neutral__f73kmnfsk0aj25b04b775-356b-4aa0-aaf8-6491ffea5621_1.0.0.0_neutral__f73kmnfsk0aj2 5b04b775-356b-4aa0-aaf8-6491ffea56215b04b775-356b-4aa0-aaf8-6491ffea5621
SettingsPageNetworkWiFiSettingsPageNetworkWiFi 5b04b775-356b-4aa0-aaf8-6491ffea5623_1.0.0.0_neutral__a3jhh70a240gm5b04b775-356b-4aa0-aaf8-6491ffea5623_1.0.0.0_neutral__a3jhh70a240gm 5b04b775-356b-4aa0-aaf8-6491ffea56235b04b775-356b-4aa0-aaf8-6491ffea5623
SettingsPageNetworkInternetSharingSettingsPageNetworkInternetSharing 5b04b775-356b-4aa0-aaf8-6491ffea5629_1.0.0.0_neutral__yqcw9dmx6t3pe5b04b775-356b-4aa0-aaf8-6491ffea5629_1.0.0.0_neutral__yqcw9dmx6t3pe 5b04b775-356b-4aa0-aaf8-6491ffea56295b04b775-356b-4aa0-aaf8-6491ffea5629
SettingsPageAccountsWorkplaceSettingsPageAccountsWorkplace 5b04b775-356b-4aa0-aaf8-6491ffea562a_1.0.0.0_neutral__q1wjbr14bc3d05b04b775-356b-4aa0-aaf8-6491ffea562a_1.0.0.0_neutral__q1wjbr14bc3d0 5b04b775-356b-4aa0-aaf8-6491ffea562a5b04b775-356b-4aa0-aaf8-6491ffea562a
SettingsPageRestoreUpdateSettingsPageRestoreUpdate 5b04b775-356b-4aa0-aaf8-6491ffea5640_1.0.0.0_neutral__j77gbj5kz730y5b04b775-356b-4aa0-aaf8-6491ffea5640_1.0.0.0_neutral__j77gbj5kz730y 5b04b775-356b-4aa0-aaf8-6491ffea56405b04b775-356b-4aa0-aaf8-6491ffea5640
SettingsPageKidsCornerSettingsPageKidsCorner 5b04b775-356b-4aa0-aaf8-6491ffea5802_1.0.0.0_neutral__1wmss2z3sft8c5b04b775-356b-4aa0-aaf8-6491ffea5802_1.0.0.0_neutral__1wmss2z3sft8c 5b04b775-356b-4aa0-aaf8-6491ffea58025b04b775-356b-4aa0-aaf8-6491ffea5802
SettingsPageDrivingModeSettingsPageDrivingMode 5b04b775-356b-4aa0-aaf8-6491ffea5804_1.0.0.0_neutral__t553967svy34g5b04b775-356b-4aa0-aaf8-6491ffea5804_1.0.0.0_neutral__t553967svy34g 5b04b775-356b-4aa0-aaf8-6491ffea58045b04b775-356b-4aa0-aaf8-6491ffea5804
SettingsPageTimeLanguageSettingsPageTimeLanguage 5b04b775-356b-4aa0-aaf8-6491ffea5808_1.0.0.0_neutral__ecxasj38g8ynw5b04b775-356b-4aa0-aaf8-6491ffea5808_1.0.0.0_neutral__ecxasj38g8ynw 5b04b775-356b-4aa0-aaf8-6491ffea58085b04b775-356b-4aa0-aaf8-6491ffea5808
SettingsPageAppsCornerSettingsPageAppsCorner 5b04b775-356b-4aa0-aaf8-6491ffea580a_1.0.0.0_neutral__4vefaa8deck745b04b775-356b-4aa0-aaf8-6491ffea580a_1.0.0.0_neutral__4vefaa8deck74 5b04b775-356b-4aa0-aaf8-6491ffea580a5b04b775-356b-4aa0-aaf8-6491ffea580a
SettingsPagePhoneNfcSettingsPagePhoneNfc b0894dfd-4671-4bb9-bc17-a8b39947ffb6_1.0.0.0_neutral__1prqnbg33c1tjb0894dfd-4671-4bb9-bc17-a8b39947ffb6_1.0.0.0_neutral__1prqnbg33c1tj b0894dfd-4671-4bb9-bc17-a8b39947ffb6b0894dfd-4671-4bb9-bc17-a8b39947ffb6

收件箱应用和组件Inbox apps and components

以下列表显示了收件箱中可能包含的应用。The following list shows the apps that may be included in the inbox.

备注

此列表标识了作为 Windows 的一部分提供的系统应用,你可以将其添加到 AppLocker 策略以确保操作系统正常运行。This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. 如果你决定阻止其中一些应用,我们建议在部署到生产环境之前进行全面测试。If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. 如果不这样做,可能会导致意外失败,并且可能会显著降低用户体验。Failure to do so may result in unexpected failures and can significantly degrade the user experience.

应用App 产品 IDProduct ID 产品名称Product name
3D 查看器3D Viewer f41647c9-d567-4378-b2ab-7924e5a152f3f41647c9-d567-4378-b2ab-7924e5a152f3 Microsoft.Microsoft3DViewerMicrosoft.Microsoft3DViewer

(Windows 10 版本 1703 中) (Added in Windows 10, version 1703)

高级信息Advanced info b6e3e590-9fa5-40c0-86ac-ef475de98e88b6e3e590-9fa5-40c0-86ac-ef475de98e88 b6e3e590-9fa5-40c0-86ac-ef475de98e88b6e3e590-9fa5-40c0-86ac-ef475de98e88
年龄工作者Age out worker 09296e27-c9f3-4ab9-aa76-ecc4497d94bb09296e27-c9f3-4ab9-aa76-ecc4497d94bb
闹钟和时钟Alarms and clock 44f7d2b4-553d-4bec-a8b7-634ce897ed5f44f7d2b4-553d-4bec-a8b7-634ce897ed5f Microsoft.WindowsAlarmsMicrosoft.WindowsAlarms
应用下载App downloads 20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac
分配的访问权限锁定应用Assigned access lock app b84f4722-313e-4f85-8f41-cf5417c9c5cbb84f4722-313e-4f85-8f41-cf5417c9c5cb
必应锁定图像Bing lock images 5f28c179-2780-41df-b966-27807b8de02c5f28c179-2780-41df-b966-27807b8de02c
阻止和筛选Block and filter 59553c14-5701-49a2-9909-264d034deb3d59553c14-5701-49a2-9909-264d034deb3d
代理插件 (工作或学校帐户) Broker plug-in (same as Work or school account) Microsoft.AAD.BrokerPluginMicrosoft.AAD.BrokerPlugin
计算器Calculator b58171c6-c70c-4266-a2e8-8f9c994f4456b58171c6-c70c-4266-a2e8-8f9c994f4456 Microsoft.WindowsCalculatorMicrosoft.WindowsCalculator
相机Camera f0d8fefd-31cd-43a1-a45a-d0276db069f1f0d8fefd-31cd-43a1-a45a-d0276db069f1 Microsoft.WindowsCameraMicrosoft.WindowsCamera
CertInstallerCertInstaller 4c4ad968-7100-49de-8cd1-402e198d869e4c4ad968-7100-49de-8cd1-402e198d869e
颜色配置文件Color profile b08997ca-60ab-4dce-b088-f92e9c7994f3b08997ca-60ab-4dce-b088-f92e9c7994f3
连接Connect af7d2801-56c0-4eb1-824b-dd91cdf7ece5af7d2801-56c0-4eb1-824b-dd91cdf7ece5 Microsoft.DevicesFlowMicrosoft.DevicesFlow
联系支持人员Contact Support 0db5fcff-4544-458a-b320-e352dfd9ca2b0db5fcff-4544-458a-b320-e352dfd9ca2b Windows.ContactSupportWindows.ContactSupport
CortanaCortana fd68dcf4-166f-4c55-a4ca-348020f71b94fd68dcf4-166f-4c55-a4ca-348020f71b94 Microsoft.Windows.CortanaMicrosoft.Windows.Cortana
Cortana 侦听 UICortana Listen UI CortanaListenUICortanaListenUI
凭据对话框主机Credentials Dialog Host Microsoft.CredDialogHostMicrosoft.CredDialogHost
Device Portal PIN UXDevice Portal PIN UX holopairingappholopairingapp
电子邮件和帐户Email and accounts 39cf127b-8c67-c149-539a-c02271d0706039cf127b-8c67-c149-539a-c02271d07060 Microsoft.AccountsControlMicrosoft.AccountsControl
企业安装应用Enterprise install app da52fa01-ac0f-479d-957f-bfe4595941cbda52fa01-ac0f-479d-957f-bfe4595941cb
均衡器Equalizer 373cb76e-7f6c-45aa-8633-b00e85c73261373cb76e-7f6c-45aa-8633-b00e85c73261
ExcelExcel ead3e7c0-fae6-4603-8699-6a448138f4dcead3e7c0-fae6-4603-8699-6a448138f4dc Microsoft.Office.ExcelMicrosoft.Office.Excel
FacebookFacebook 82a23635-5bd9-df11-a844-00237de2db9e82a23635-5bd9-df11-a844-00237de2db9e Microsoft.MSSoftMicrosoft.MSFacebook
Field MedicField Medic 73c58570-d5a7-46f8-b1b2-2a90024fc29c73c58570-d5a7-46f8-b1b2-2a90024fc29c
文件资源管理器File Explorer c5e2524a-ea46-4f67-841f-6a9465d9d515c5e2524a-ea46-4f67-841f-6a9465d9d515 c5e2524a-ea46-4f67-841f-6a9465d9d515c5e2524a-ea46-4f67-841f-6a9465d9d515
调频广播FM Radio f725010e-455d-4c09-ac48-bcdef0d4b626f725010e-455d-4c09-ac48-bcdef0d4b626 f725010e-455d-4c09-ac48-bcdef0d4b626f725010e-455d-4c09-ac48-bcdef0d4b626
入门Get Started b3726308-3d74-4a14-a84c-867c8c735c3cb3726308-3d74-4a14-a84c-867c8c735c3c Microsoft.GetstartedMicrosoft.Getstarted
概览Glance 106e0a97-8b19-42cf-8879-a8ed2598fcbb106e0a97-8b19-42cf-8879-a8ed2598fcbb
Groove 音乐Groove Music d2b6a184-da39-4c9a-9e0a-8b589b03dec0d2b6a184-da39-4c9a-9e0a-8b589b03dec0 Microsoft.ZuneMusicMicrosoft.ZuneMusic
Hands-Free激活Hands-Free Activation df6c9621-e873-4e86-bb56-93e9f21b1d6fdf6c9621-e873-4e86-bb56-93e9f21b1d6f
Hands-Free激活Hands-Free Activation 72803bd5-4f36-41a4-a349-e83e027c472272803bd5-4f36-41a4-a349-e83e027c4722
HAP 更新后台工作线程HAP update background worker 73c73cdd-4dea-462c-bd83-fa983056a4ef73c73cdd-4dea-462c-bd83-fa983056a4ef
全息 ShellHolographic Shell HoloShellHoloShell
Lumia 运动数据Lumia motion data 8fc25fd2-4e2e-4873-be44-20e57f6ec52b8fc25fd2-4e2e-4873-be44-20e57f6ec52b
地图Maps ed27a07e-af57-416b-bc0c-2596b622ef7ded27a07e-af57-416b-bc0c-2596b622ef7d Microsoft.WindowsMapsMicrosoft.WindowsMaps
消息Messaging 27e26f40-e031-48a6-b130-d1f20388991a27e26f40-e031-48a6-b130-d1f20388991a Microsoft.MessagingMicrosoft.Messaging
Microsoft 帐户Microsoft account 3a4fae89-7b7e-44b4-867b-f7e2772b82533a4fae89-7b7e-44b4-867b-f7e2772b8253 Microsoft.CloudExperienceHostMicrosoft.CloudExperienceHost
Microsoft EdgeMicrosoft Edge 395589fb-5884-4709-b9df-f7d558663ffd395589fb-5884-4709-b9df-f7d558663ffd Microsoft.MicrosoftEdgeMicrosoft.MicrosoftEdge
Microsoft FrameworkMicrosoft Frameworks ProductID = 00000000-0000-0000-0000-000000000000ProductID = 00000000-0000-0000-0000-000000000000

PublisherName= " CN=Microsoft Corporation,O=Microsoft Corporation, L=Redmond, S=Washington, C=US"PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"

迁移 UIMigration UI MigrationUIAppMigrationUIApp
MiracastViewMiracastView 906beeda-b7e6-4ddc-ba8d-ad5031223ef9906beeda-b7e6-4ddc-ba8d-ad5031223ef9 906beeda-b7e6-4ddc-ba8d-ad5031223ef9906beeda-b7e6-4ddc-ba8d-ad5031223ef9
混合现实门户Mixed Reality Portal Microsoft.Windows.HolographicFirstRunMicrosoft.Windows.HolographicFirstRun
财经Money 1e0440f1-7abf-4b9a-863d-177970eefb5e1e0440f1-7abf-4b9a-863d-177970eefb5e Microsoft.BingFinanceMicrosoft.BingFinance
电影和电视Movies and TV 6affe59e-0467-4701-851f-7ac026e216656affe59e-0467-4701-851f-7ac026e21665 Microsoft.ZuneVideoMicrosoft.ZuneVideo
音乐下载Music downloads 3da8a0c1-f7e5-47c0-a680-be8fd013f7473da8a0c1-f7e5-47c0-a680-be8fd013f747
导航栏Navigation bar 2cd23676-8f68-4d07-8dd2-e693d4b012792cd23676-8f68-4d07-8dd2-e693d4b01279
网络服务Network services 62f172d1-f552-4749-871c-2afd1c95c24562f172d1-f552-4749-871c-2afd1c95c245
新闻News 9c3e8cad-6702-4842-8f61-b8b33cc9caf19c3e8cad-6702-4842-8f61-b8b33cc9caf1 Microsoft.BingNewsMicrosoft.BingNews
OneDriveOneDrive ad543082-80ec-45bb-aa02-ffe7f4182ba8ad543082-80ec-45bb-aa02-ffe7f4182ba8 Microsoft.MicrosoftSkydriveMicrosoft.MicrosoftSkydrive
OneNoteOneNote ca05b3ab-f157-450c-8c49-a1f127f5e71dca05b3ab-f157-450c-8c49-a1f127f5e71d Microsoft.Office.OneNoteMicrosoft.Office.OneNote
Outlook 日历和邮件Outlook Calendar and Mail a558feba-85d7-4665-b5d8-a2ff9c19799ba558feba-85d7-4665-b5d8-a2ff9c19799b Microsoft.WindowsCommunicationsAppsMicrosoft.WindowsCommunicationsApps
人脉People 60be1fb8-3291-4b21-bd39-2221ab16648160be1fb8-3291-4b21-bd39-2221ab166481 Microsoft.PeopleMicrosoft.People
电话Phone 5b04b775-356b-4aa0-aaf8-6491ffea56115b04b775-356b-4aa0-aaf8-6491ffea5611 5b04b775-356b-4aa0-aaf8-6491ffea56115b04b775-356b-4aa0-aaf8-6491ffea5611
电话(拨号程序)Phone (dialer) f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7 Microsoft.CommsPhoneMicrosoft.CommsPhone
电话重置对话框Phone reset dialog 2864278d-09b5-46f7-b502-1c24139ecbdd2864278d-09b5-46f7-b502-1c24139ecbdd
照片Photos fca55e1b-b9a4-4289-882f-084ef4145005fca55e1b-b9a4-4289-882f-084ef4145005 Microsoft.Windows.PhotosMicrosoft.Windows.Photos
播客Podcasts c3215724-b279-4206-8c3e-61d1a9d63ed3c3215724-b279-4206-8c3e-61d1a9d63ed3 Microsoft.MSPodcastMicrosoft.MSPodcast
播客下载Podcast downloads 063773e7-f26f-4a92-81f0-aa71a1161e30063773e7-f26f-4a92-81f0-aa71a1161e30
PowerPointPowerPoint b50483c4-8046-4e1b-81ba-590b24935798b50483c4-8046-4e1b-81ba-590b24935798 Microsoft.Office.PowerPointMicrosoft.Office.PowerPoint
PrintDialogPrintDialog 0d32eeb1-32f0-40da-8558-cea6fcbec4a40d32eeb1-32f0-40da-8558-cea6fcbec4a4 Microsoft.PrintDialogMicrosoft.PrintDialog
购买对话框Purchase dialog c60e79ca-063b-4e5d-9177-1309357b2c3fc60e79ca-063b-4e5d-9177-1309357b2c3f
为设备评分Rate your device aec3bfad-e38c-4994-9c32-50bd030730ecaec3bfad-e38c-4994-9c32-50bd030730ec
RingtoneApp.WindowsPhoneRingtoneApp.WindowsPhone 3e962450-486b-406b-abb5-d38b4ee7e6fe3e962450-486b-406b-abb5-d38b4ee7e6fe Microsoft.TonepickerMicrosoft.Tonepicker
保存铃声Save ringtone d8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24bd8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24b
“设置”Settings 2a4e62d8-8809-4787-89f8-69d0f01654fb2a4e62d8-8809-4787-89f8-69d0f01654fb 2a4e62d8-8809-4787-89f8-69d0f01654fb2a4e62d8-8809-4787-89f8-69d0f01654fb
“设置”Settings SystemSettingsSystemSettings
安装向导Setup wizard 07d87655-e4f0-474b-895a-773790ad4a3207d87655-e4f0-474b-895a-773790ad4a32
共享Sharing b0894dfd-4671-4bb9-bc17-a8b39947ffb6b0894dfd-4671-4bb9-bc17-a8b39947ffb6
登录 Windows 10 全息版Sign-in for Windows 10 Holographic WebAuthBridgeInternetSso、WebAuthBridgeInternet、WebAuthBridgeIntranetSso、WebAuthBrokerInternetSso、WebAuthBrokerInternetSso、WebAuthBrokerInternetSso、WebAuthBrokerInternetInternet、WebAuthBrokerIntranetSso、SignInWebAuthBridgeInternetSso, WebAuthBridgeInternet, WebAuthBridgeIntranetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternet, WebAuthBrokerIntranetSso, SignIn
SkypeSkype c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51 Microsoft.SkypeAppMicrosoft.SkypeApp
Skype 视频Skype Video 27e26f40-e031-48a6-b130-d1f20388991a27e26f40-e031-48a6-b130-d1f20388991a Microsoft.MessagingMicrosoft.Messaging
体育Sports 0f4c8c7e-7114-4e1e-a84c-50664db13b170f4c8c7e-7114-4e1e-a84c-50664db13b17 Microsoft.BingSportsMicrosoft.BingSports
SSMHostSSMHost e232aa77-2b6d-442c-b0c3-f3bb9788af2ae232aa77-2b6d-442c-b0c3-f3bb9788af2a
“开始”菜单Start 5b04b775-356b-4aa0-aaf8-6491ffea56025b04b775-356b-4aa0-aaf8-6491ffea5602 5b04b775-356b-4aa0-aaf8-6491ffea56025b04b775-356b-4aa0-aaf8-6491ffea5602
存储Storage 5b04b775-356b-4aa0-aaf8-6491ffea564d5b04b775-356b-4aa0-aaf8-6491ffea564d 5b04b775-356b-4aa0-aaf8-6491ffea564d5b04b775-356b-4aa0-aaf8-6491ffea564d
应用商店Store 7d47d89a-7900-47c5-93f2-46eb6d94c1597d47d89a-7900-47c5-93f2-46eb6d94c159 Microsoft.WindowsStoreMicrosoft.WindowsStore
触摸 (手势和触摸) Touch (gestures and touch) bbc57c87-46af-4c2c-824e-ac8104cceb38bbc57c87-46af-4c2c-824e-ac8104cceb38
语音录音机Voice recorder 7311b9c5-a4e9-4c74-bc3c-55b06ba95ad07311b9c5-a4e9-4c74-bc3c-55b06ba95ad0 Microsoft.WindowsSoundRecorderMicrosoft.WindowsSoundRecorder
电子钱包Wallet 587a4577-7868-4745-a29e-f996203f1462587a4577-7868-4745-a29e-f996203f1462 Microsoft.MicrosoftWalletMicrosoft.MicrosoftWallet
电子钱包Wallet 12ae577e-f8d1-4197-a207-4d24c309ff8f12ae577e-f8d1-4197-a207-4d24c309ff8f Microsoft.WalletMicrosoft.Wallet
天气Weather 63c2a117-8604-44e7-8cef-df10be3a57c863c2a117-8604-44e7-8cef-df10be3a57c8 Microsoft.BingWeatherMicrosoft.BingWeather
Windows 默认锁屏界面Windows default lock screen cdd63e31-9307-4ccb-ab62-1ffa5721b503cdd63e31-9307-4ccb-ab62-1ffa5721b503
Windows 反馈Windows Feedback 7604089d-d13f-4a2d-9998-33fc02b63ce37604089d-d13f-4a2d-9998-33fc02b63ce3 Microsoft.WindowsFeedbackMicrosoft.WindowsFeedback
文字Word 258f115c-48f4-4adb-9a68-1387e634459b258f115c-48f4-4adb-9a68-1387e634459b Microsoft.Office.WordMicrosoft.Office.Word
工作或学校帐户Work or school account e5f8b2c4-75ae-45ee-9be8-212e34f77747e5f8b2c4-75ae-45ee-9be8-212e34f77747 Microsoft.AAD.BrokerPluginMicrosoft.AAD.BrokerPlugin
XboxXbox b806836f-eebe-41c9-8669-19e243b81b83b806836f-eebe-41c9-8669-19e243b81b83 Microsoft.XboxAppMicrosoft.XboxApp
Xbox 标识提供程序Xbox identity provider ba88225b-059a-45a2-a8eb-d3580283e49dba88225b-059a-45a2-a8eb-d3580283e49d Microsoft.XboxIdentityProviderMicrosoft.XboxIdentityProvider

允许列表示例Allow list examples

以下示例禁用日历应用程序。The following example disables the calendar application.

<SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
        <Add>
            <CmdID>$CmdID$</CmdID>
            <Item>
                <Target>
                    <LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
                </Target>
                <Meta>
                    <Format xmlns="syncml:metinf">chr</Format>
                    <Type xmlns="syncml:metinf">text/plain</Type>
                </Meta>
                <Data><AppPolicy Version="1" xmlns="http://schemas.microsoft.com/phone/2013/policy"><Deny><App ProductId="{a558feba-85d7-4665-b5d8-a2ff9c19799b}"/></Deny></AppPolicy>
                </Data>
            </Item>
        </Add>
        <Final/>
    </SyncBody>
</SyncML>

以下示例阻止使用地图应用程序。The following example blocks the usage of the map application.

<SyncML xmlns="SYNCML:SYNCML1.2">
  <SyncBody>
    <Add>
      <CmdID>$CmdID$</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/AppLockerPhoneGroup0/StoreApps/Policy</LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
        <Data>
            <RuleCollection Type="Appx" EnforcementMode="Enabled">
                <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed Appx packages" Description="Allows members of the Everyone group to run Appx packages that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
                    <Conditions>
                    <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
                    <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
                    </FilePublisherCondition>
                    </Conditions>
                </FilePublisherRule>

                <FilePublisherRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Deny Splash appmaps" Description="Deny members of the local Administrators group to run maps." UserOrGroupSid="S-1-1-0" Action="Deny">
                  <Conditions>
                    <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" />
                  </Conditions>
                </FilePublisherRule>

            </RuleCollection>
        </Data>
      </Item>
    </Add>
   <Final/>
  </SyncBody>
</SyncML>

以下示例禁用混合现实门户。The following example disables the Mixed Reality Portal. 在示例中 ,Id可以是任何生成的 GUID,Name**** 可以是你选择的任何名称。In the example, the Id can be any generated GUID and the Name can be any name you choose. 请注意,BinaryName="*" 允许你阻止混合现实门户包中的任何可执行应用。Note that BinaryName="*" allows you to block any app executable in the Mixed Reality Portal package. 本示例中所示的 Binary/VersionRange 将阻止所有版本的混合现实门户应用。Binary/VersionRange, as shown in the example, will block all versions of the Mixed Reality Portal app.

<SyncML xmlns="SYNCML:SYNCML1.2">
    <SyncBody>
        <Add>
            <CmdID>$CmdID$</CmdID>
            <Item>
                <Target>
                    <LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
                </Target>
                <Meta>
                    <Format xmlns="syncml:metinf">chr</Format>
                    <Type xmlns="syncml:metinf">text/plain</Type>
                </Meta>
                <Data>
                  <RuleCollection Type="Appx" EnforcementMode="Enabled">
                   <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
                    <Conditions>
                      <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
                        <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
                      </FilePublisherCondition>
                    </Conditions>
                  </FilePublisherRule>
                  <FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
                   <Conditions>
                     <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*">
                      <BinaryVersionRange LowSection="*" HighSection="*" />
                      </FilePublisherCondition>
                    </Conditions>
                  </FilePublisherRule>
                 </RuleCollection>>
                </Data>
            </Item>
        </Add>
        <Final/>
    </SyncBody>
</SyncML>

Windows 10 移动版以下示例拒绝所有应用并允许以下应用:The following example for Windows 10 Mobile denies all apps and allows the following apps:

本示例中 ,MobileGroup0 是节点名称。In this example, MobileGroup0 is the node name. 我们建议对此节点使用 GUID。We recommend using a GUID for this node.

<?xml version="1.0" encoding="utf-8"?>
<SyncML>
  <SyncBody>
    <Add>
      <CmdID>1</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0</LocURI>
        </Target>
      </Item>
    </Add>
    <Add>
      <CmdID>2</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0/StoreApps</LocURI>
        </Target>
      </Item>
    </Add>
    <Replace>
      <CmdID>3</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0/StoreApps/Policy</LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
        <Data>
<RuleCollection Type="Appx" EnforcementMode="Enabled">

    <FilePublisherRule Id="172B8ACE-AAF5-41FA-941A-93AEE126B4A9" Name="Default Rule to Deny ALL" Description="Deny all publisher" UserOrGroupSid="S-1-1-0" Action="Deny">
        <Conditions>
            <FilePublisherCondition PublisherName="CN=*" ProductName="*" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="DDCD112F-E003-4874-8B3E-14CB23851D54" Name="Whitelist Settings splash app" Description="Allow Admins to run Settings." UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="2A4E62D8-8809-4787-89F8-69D0F01654FB" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="757D94A8-C752-4013-9896-D46EF10925E9" Name="Whitelist Settings WorkOrSchool" Description="Allow Admins to run WorkOrSchool" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA562A" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="473BCE1A-94D2-4AE1-8CB1-064B0677CACB" Name="Whitelist WorkPlace AAD BrokerPlugin" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AAD.BrokerPlugin" BinaryName="*" >
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="E13EA64B-B0D3-4257-87F4-1B522D06EA03" Name="Whitelist Start" Description="Allow Admins to run Start." UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5602" BinaryName="*" >
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="2898C4B2-4B37-4BFF-8F7B-16B377EDEA88" Name="Whitelist SettingsPageKeyboard" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5608" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="15BBA04F-3989-4FF7-9FEF-83C4DFDABA27" Name="Whitelist SettingsPageTimeRegion" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea560c" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="C3735CB1-060D-4D40-9708-6D33B98A7A2D" Name="Whitelist SettingsPagePCSystemBluetooth" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5620" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="AFACF5A3-2974-41EE-A31A-1486F593C145" Name="Whitelist SettingsPageNetworkAirplaneMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5621" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="7B02A339-9E77-4694-AF86-119265138129" Name="Whitelist SettingsPageNetworkWiFi" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5623" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="F912172F-9D83-46F5-8D6C-BA7AB17063BE" Name="Whitelist SettingsPageNetworkInternetSharing" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5629" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="67AE8001-4E49-442A-AD72-F837129ABF63" Name="Whitelist SettingsPageRestoreUpdate" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5640" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="7B65BCB2-4B1D-42B6-921B-B87F1474BDC5" Name="Whitelist SettingsPageKidsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5802" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="3964A53B-E131-4ED6-88DA-71FBDBE4E232" Name="Whitelist SettingsPageDrivingMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5804" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="99C4CD58-51A2-429A-B479-976ADB4EA757" Name="Whitelist SettingsPageTimeLanguage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5808" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="EBA3BCBE-4651-48CE-8F94-C5AC5D8F72FB" Name="Whitelist SettingsPageAppsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea580a" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="E16EABCC-46E7-4AB3-9F48-67FFF941BBDC" Name="Whitelist SettingsPagePhoneNfc" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="*" ProductName="b0894dfd-4671-4bb9-bc17-a8b39947ffb6" BinaryName="*">
                <BinaryVersionRange LowSection="*" HighSection="*"/>
            </FilePublisherCondition>
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="1F4C3904-9976-4FEE-A492-5708F14EABA5" Name="Whitelist MSA Cloud Experience Host" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CloudExperienceHost" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="AA741A28-7C02-49A5-AA5C-35D53FB8A9DC" Name="Whitelist Email and Accounts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AccountsControl" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="863BE063-D134-4C5C-9825-9DF9A86B6B56" Name="Whitelist Calculator" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCalculator" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="1DA2F479-3D1D-4425-9FFA-D4E6908F945A" Name="Whitelist Alarms and  Clock" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsAlarms" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="18E12372-21C6-4DA5-970E-0A58739D7151" Name="Whitelist People" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.People" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="FD686D83-A829-4351-8FF4-27C7DE5755D2" Name="Whitelist Camera" Description="Allow Admins to run camera." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCamera" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="16875F70-1778-43CC-96BB-783C9A8E53D5" Name="Whitelist WindowsMaps" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="D21D6F9D-CFF6-4AD1-867A-2411CE6A388D" Name="Whitelist FileExplorer" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="c5e2524a-ea46-4f67-841f-6a9465d9d515" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="450B6D7E-1738-41C9-9241-466C3FA4AB0C" Name="Whitelist FM Radio" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="F725010E-455D-4C09-AC48-BCDEF0D4B626" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="37F4272C-F4A0-4AB8-9B5F-C9194A0EC6F3" Name="Whitelist Microsoft Edge" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftEdge" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="253D3AEA-36C0-4877-B932-9E9C9493F3F3" Name="Whitelist Movies" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneVideo" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="9A73E081-01D1-4BFD-ADF4-5C29AD4031F7" Name="Whitelist Money" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingFinance" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="EE4BF66C-EBF0-4565-982C-922FFDCB2E6D" Name="Whitelist News" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingNews" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="D78E6A9D-10F8-4C23-B620-40B01B60E5EA" Name="Whitelist Onedrive" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="AD543082-80EC-45BB-AA02-FFE7F4182BA8" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="0012F35E-C242-47FF-A573-3DA06AF7E43C" Name="Whitelist Onedrive APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftSkydrive" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="178B0D68-3498-40CE-A0C3-295C6B3DA169" Name="Whitelist OneNote" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.OneNote" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="673914E4-D73A-405D-8DCF-173E36EA6722" Name="Whitelist GetStarted" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Getstarted" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="4546BD28-69B6-4175-A44C-33197D48F658" Name="Whitelist Outlook Calendar" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="7B843572-E1AD-45E6-A1F2-C551C70E4A34" Name="Whitelist Outlook Mail" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="E5A1CD1A-8C23-41E4-AACF-BF82FCE775A5" Name="Whitelist Photos" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Photos" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="0A194DD1-B25B-4512-8AFC-6F560D0EC205" Name="Whitelist PodCasts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSPodcast" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="F5D27860-0238-4D1A-8011-9B8B263C3A33" Name="Whitelist SkypeApp" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="Microsoft.SkypeApp" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="B8BBC965-EC6D-4C16-AC68-C5F0090CB703" Name="Whitelist Store" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsStore" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="6031E1E7-A659-4B3D-87FB-3CB4C900F9D2" Name="Whitelist Sports" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingSports" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="A6D61B56-7CF7-4E95-953C-3A5913309B4E" Name="Whitelist Wallet" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftWallet" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="A2C44744-0627-4A52-937E-E3EC1ED476E0" Name="Whitelist Weather" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingWeather" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="D79978B4-EFAE-4458-8FE1-0F13B5CE6764" Name="Whitelist Xbox" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxApp" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="395713B9-DD39-4741-8AB3-63D0A0DCA2B0" Name="Whitelist Xbox Identity Provider" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxIdentityProvider" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="7565A8BB-D50B-4237-A9E9-B0997B36BDF9" Name="Whitelist Voice recorder" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsSoundRecorder" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="409A286E-8C3D-48AB-9D7C-3225A48B30C9" Name="Whitelist Word" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Word" BinaryName="*" />
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="F72A5DA6-CA6A-4E7F-A350-AC9FACAB47DB" Name="Whitelist Excel" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Excel" BinaryName="*" />
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="169B3498-2A73-4D5C-8AFB-A0DE2908A07D" Name="Whitelist PowerPoint" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
        <Conditions>
            <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.PowerPoint" BinaryName="*" />
        </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="A483B662-3538-4D70-98A7-1312D51A0DB9" Name="Whitelist Contact Support" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Windows.ContactSupport" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="EAB1CEDC-DD8A-4311-9146-27A3C689DEAF" Name="Whitelist Cortana" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Cortana" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="01CD8E68-666B-4DE6-8849-7CE4F0C37CA8" Name="Whitelist Storage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA564D" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="15D9AD89-58BC-458E-9B96-3A18DA63AC3E" Name="Whitelist Groove Music" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneMusic" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="E2B71B03-D759-4AE2-8526-E1A0CE2801DE" Name="Whitelist Windows Feedback" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsFeedback" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="E7A30489-A20B-44C3-91A8-19D9F61A8B5B" Name="Whitelist Messaging and Messaging Video" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Messaging" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="D2A16D0C-8CC0-4C3A-9FB5-C1DB1B380CED" Name="Whitelist Phone splash" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
    <FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5611" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="2A355478-7449-43CB-908A-A378AA59FBB9" Name="Whitelist Phone APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CommsPhone" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="89441630-7F1C-439B-8FFD-0BEEFF400C9B" Name="Whitelist Connect APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.DevicesFlow" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="E8AF01B5-7039-44F4-8072-6A6CC71EDF2E" Name="Whitelist Miracast APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="906BEEDA-B7E6-4DDC-BA8D-AD5031223EF9" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="DA02425B-0291-4A10-BE7E-B9C7922F4EDF" Name="Whitelist Print Dialog APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.PrintDialog" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="42919A05-347B-4A5F-ACB2-73710A2E6203" Name="Whitelist Block and Filter APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BlockandFilterglobal" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="6F3D8885-C15E-4D7E-8E1F-F2A560C08F9E" Name="Whitelist MSFacebook" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSFacebook" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

    <FilePublisherRule Id="5168A5C3-5DC9-46C1-87C0-65A9DE1B4D18" Name="Whitelist Advanced Info" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="B6E3E590-9FA5-40C0-86AC-EF475DE98E88" BinaryName="*" />
      </Conditions>
    </FilePublisherRule>

</RuleCollection>
        </Data>
      </Item>
    </Replace>
    <Final/>
  </SyncBody>
</SyncML>

Windows 10 Holographic for Business 示例Example for Windows 10 Holographic for Business

Windows 10 全息版以下示例拒绝所有应用,并允许启用最小收件箱应用集以启用工作设备以及"设置"。The following example for Windows 10 Holographic for Business denies all apps and allows the minimum set of inbox apps to enable to enable a working device, as well as Settings.

<RuleCollection Type="Appx" EnforcementMode="Enabled">
    <FilePublisherRule Id="96B82A15-F841-499a-B674-963DC647762F"
                     Name="Whitelist BackgroundTaskHost"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="*"
          BinaryName="BackgroundTaskHost*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="8D345CB2-AC5B-4b6b-8F0B-DCE3F6FB9259"
                     Name="Whitelist CertInstaller"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="*"
          ProductName="4c4ad968-7100-49de-8cd1-402e198d869e"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="9F07FB38-B952-4f3c-A17A-CE7EC8132987"
                     Name="Whitelist MigrationUI"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="MigrationUIApp"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="1C32E96F-2F44-4317-9D98-2F624147D7AE"
                     Name="Whitelist CredDiagHost"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="Microsoft.CredDialogHost"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="53DCC751-E92A-4d0a-84DF-E6EAC2A7C7CE"
                     Name="Whitelist Settings"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="SystemSettings"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="70D9E233-81F4-4707-B79D-58F9C3A6BFB1"
                     Name="Whitelist HoloShell"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="HoloShell"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="6557A9BC-BA1F-4b7d-90FD-8C620CA81906"
                     Name="Whitelist MSA"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="Microsoft.Windows.CloudExperienceHost"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="81CD98A6-82EC-443f-87F8-039B00DFBE78"
                     Name="Whitelist BrokerPlugin"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="Microsoft.AAD.BrokerPlugin"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="1330E03E-7D43-4e01-9853-40ED8CF62D10"
                     Name="Whitelist SignIn1"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="WebAuthBridgeInternetSso"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="107EC30A-2CEF-4ec1-B556-F7DAA7DF7998"
                     Name="Whitelist SignIn2"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="WebAuthBridgeInternet"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="F806AC17-3E31-4a83-92EB-6A34696478D1"
                     Name="Whitelist SignIn3"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="WebAuthBridgeIntranetSso"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="E8CAF694-2256-4516-BDCC-CDABF218573C"
                     Name="Whitelist SignIn4"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="WebAuthBrokerInternetSso"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="5918428D-B9A8-4810-8FB4-25AE5A25D5A7"
                     Name="Whitelist SignIn5"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="WebAuthBrokerInternet"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="C90D99E3-C3EE-47c5-B181-7E8C54FA66B3"
                     Name="Whitelist SignIn6"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="WebAuthBrokerIntranetSso"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="9CD87A91-FB48-480d-B788-3770A950CD03"
                     Name="Whitelist SignIn7"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="SignIn"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="DCF74448-C287-4195-9072-8F3649AB9305"
                     Name="Whitelist Cortana"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="Microsoft.Windows.Cortana"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="BE4FD0C4-527B-45a3-A5B8-F4EA00584779"
                      Name="Whitelist Cortana ListenUI"
                      Description=""
                      UserOrGroupSid="S-1-1-0"
                      Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="CortanaListenUI"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="336509A7-FFBA-48cb-81BD-8DF9060B3CF8"
                     Name="Whitelist Email and accounts"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="Microsoft.AccountsControl"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="55912F15-0B94-445b-80E1-83BC8F0E8999"
                     Name="Whitelist Device Portal PIN UX"
                     Description=""
                     UserOrGroupSid="S-1-1-0"
                     Action="Allow">
    <Conditions>
      <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
          ProductName="holopairingapp"
          BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
</RuleCollection>

Windows 10 版本 1607 的以下示例拒绝已知的非轻型 Microsoft 应用作为允许的应用访问企业数据。The following example for Windows 10, version 1607 denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. (管理员可能仍改为使用豁免规则。) 这可确保管理员不会意外允许这些应用使用 Windows 信息保护,并避免与使用这些应用程序自动进行文件加密相关的已知兼容性问题。(An administrator might still use an exempt rule, instead.) This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.

本示例中,Contoso 是节点名称。In this example, Contoso is the node name. 我们建议对此节点使用 GUID。We recommend using a GUID for this node.

<?xml version="1.0" encoding="utf-8"?>
<SyncML>
  <SyncBody>
    <Add>
      <CmdID>1</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso</LocURI>
        </Target>
      </Item>
    </Add>
    <Add>
      <CmdID>2</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso/EXE</LocURI>
        </Target>
      </Item>
    </Add>
    <Replace>
      <CmdID>3</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso/EXE/Policy</LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
        <Data>
<RuleCollection Type="Exe" EnforcementMode="Enabled">
  <FilePublisherRule Id="b005eade-a5ee-4f5a-be45-d08fa557a4b2" Name="MICROSOFT OFFICE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
      <Exceptions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="EXCEL.EXE">
          <BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="LYNC.EXE">
          <BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="LYNC99.EXE">
          <BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="MSOSYNC.EXE">
          <BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="OCPUBMGR.EXE">
          <BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="POWERPNT.EXE">
          <BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="UCMAPI.EXE">
          <BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
        </FilePublisherCondition>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="WINWORD.EXE">
          <BinaryVersionRange LowSection="16.0.10336.20000" HighSection="*" />
        </FilePublisherCondition>
      </Exceptions>    
  </FilePublisherRule>
  <FilePublisherRule Id="de9f3461-6856-405d-9624-a80ca701f6cb" Name="MICROSOFT OFFICE 2003, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2003" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="ade1b828-7055-47fc-99bc-432cf7d1209e" Name="2007 MICROSOFT OFFICE SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="2007 MICROSOFT OFFICE SYSTEM" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="f6a075b5-a5b5-4654-abd6-731dacb40d95" Name="MICROSOFT OFFICE ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE ONENOTE" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="0ec03b2f-e9a4-4743-ae60-6d29886cf6ae" Name="MICROSOFT OFFICE OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="7b272efd-4105-4fb7-9d40-bfa597c6792a" Name="MICROSOFT OFFICE 2013, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2013" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
  </FilePublisherRule>
  <FilePublisherRule Id="89d8a4d3-f9e3-423a-92ae-86e7333e2662" Name="MICROSOFT ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
    <Exceptions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="ONENOTE.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
    </Exceptions>
  </FilePublisherRule>
  <FilePublisherRule Id="5a2138bd-8042-4ec5-95b4-f990666fbf61" Name="MICROSOFT OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
    <Exceptions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="OUTLOOK.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
    </Exceptions>
  </FilePublisherRule>
  <FilePublisherRule Id="3fc5f9c5-f180-435b-838f-2960106a3860" Name="MICROSOFT ONEDRIVE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
    <Exceptions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="ONEDRIVE.EXE">
        <BinaryVersionRange LowSection="17.3.6386.0412" HighSection="*" />
      </FilePublisherCondition>
    </Exceptions>
  </FilePublisherRule>
  <FilePublisherRule Id="17d988ef-073e-4d92-b4bf-f477b2ecccb5" Name="MICROSOFT OFFICE 2016, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
    <Conditions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="*">
        <BinaryVersionRange LowSection="*" HighSection="*" />
      </FilePublisherCondition>
    </Conditions>
    <Exceptions>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC99.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="UCMAPI.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="OCPUBMGR.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="WINWORD.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="EXCEL.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="POWERPNT.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
      <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="MSOSYNC.EXE">
        <BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" />
      </FilePublisherCondition>
    </Exceptions>
  </FilePublisherRule>
</RuleCollection>
        </Data>
      </Item>
    </Replace>
    <Final/>
  </SyncBody>
</SyncML>

配置服务提供程序参考Configuration service provider reference