dmcxblue · December 19, 2023 17:12
diff --git a/AppLocker_Rules.xml b/AppLocker_Rules.xml
 <AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="NotConfigured">
    <FilePathRule Id="9d86e76a-1a51-4328-bdb4-d6c89be61727" Name="Block CMD" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\cmd.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="acf1c7a5-f2c2-49e1-a000-1351f6285d11" Name="Block PowerShell" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
 </AppLockerPolicy>
	<AppLockerPolicy Version="1">
	<RuleCollection Type="Exe" EnforcementMode="NotConfigured">
	<FilePathRule Id="9d86e76a-1a51-4328-bdb4-d6c89be61727" Name="Block CMD" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
	<Conditions>
	<FilePathCondition Path="%SYSTEM32%\cmd.exe" />
	</Conditions>
	</FilePathRule>
	<FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="Allows members of the Everyone group to run applications that are located in the Program Files folder." UserOrGroupSid="S-1-1-0" Action="Allow">
	<Conditions>
	<FilePathCondition Path="%PROGRAMFILES%\*" />
	</Conditions>
	</FilePathRule>
	<FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="(Default Rule) All files located in the Windows folder" Description="Allows members of the Everyone group to run applications that are located in the Windows folder." UserOrGroupSid="S-1-1-0" Action="Allow">
	<Conditions>
	<FilePathCondition Path="%WINDIR%\*" />
	</Conditions>
	</FilePathRule>
	<FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="(Default Rule) All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-5-32-544" Action="Allow">
	<Conditions>
	<FilePathCondition Path="*" />
	</Conditions>
	</FilePathRule>
	<FilePathRule Id="acf1c7a5-f2c2-49e1-a000-1351f6285d11" Name="Block PowerShell" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
	<Conditions>
	<FilePathCondition Path="%SYSTEM32%\WindowsPowerShell\v1.0\powershell.exe" />
	</Conditions>
	</FilePathRule>
	</RuleCollection>
	<RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
	<RuleCollection Type="Script" EnforcementMode="NotConfigured" />
	<RuleCollection Type="Dll" EnforcementMode="NotConfigured" />
	<RuleCollection Type="Appx" EnforcementMode="NotConfigured" />
	</AppLockerPolicy>