1

I'm new to superuser, hello!

I'm trying to block apps on my Windows 10 Home laptop, and this does work with .exe apps:

  • Open regedit
  • Go to Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • Add a DWORD with DisallowRun with value 1
  • Go to Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
  • Add a string value with as name 1 and as string the .exe name (like notepad.exe)
  • Add strings with as name 2, 3, 4, etc. for more

But i can't get it to work with UWP apps

(for example Camera, which appears as 'MicrosoftCamera.exe' in 'C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2021.105.10.0_x64__8wekyb3d8bbwe\MicrosoftCamera.exe' but I can't run it by opening that .exe and it doesn't work when added to registry)

and can't find the solution for this online.

Please note that I have Windows 10 Home, not a version like Enterprise

Edit: Hi again :) I've tried it on a virtual machine and here is the folder where keys are stored: Computer\HKEY_USERS\S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D693923F-961D-413F-B54F-22979CD68730}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\a9e18c21-ff8f-43cf-b9fc-db40eed693ba

That UUID at the end is the key removed, which means it's kinda impossible to make these changes manually, I'll stick with the gui.

Here's a step by step guide to do this, for anyone looking.

  • Run this batch file as administrator (from Majorgeeks)
pushd "%~dp0" 

dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~3*.mum >List.txt 
dir /b %SystemRoot%\servicing\Packages\Microsoft-Windows-GroupPolicy-ClientTools-Package~3*.mum >>List.txt 

for /f %%i in ('findstr /i . List.txt 2^>nul') do dism /online /norestart /add-package:"%SystemRoot%\servicing\Packages\%%i" 
pause
  • Execute this command as administrator: sc config "AppIDSvc" start=auto & net start "AppIDSvc"
  • Open secpol.msc with WIN+R
  • Follow along with this tutorial for more, success :D

Here are some other changes (measured with regshot):

Keys deleted:
HKU\S-1-5-21-xxxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D693923F-961D-413F-B54F-22979CD68730}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\f1e0c1a8-b3c0-42ab-a49f-af46170a79a5

Values deleted:
HKU\S-1-5-21-xxxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{D693923F-961D-413F-B54F-22979CD68730}Machine\Software\Policies\Microsoft\Windows\SrpV2\Appx\f1e0c1a8-b3c0-42ab-a49f-af46170a79a5\Value: " "

Values changed:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\Version: 0x000B000B
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\Version: 0x000C000C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0xB33D19CA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0x0CBDEC0F
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01D901CE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01D901CF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0xB341C420
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0x0CC297B7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01D901CE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01D901CF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0\Version: 0x000B000B
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0\Version: 0x000C000C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\LastPolicyTime: 0x0158545A
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\LastPolicyTime: 0x0158545D
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\Version: 0x000B000B
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\History\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\0\Version: 0x000C000C
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0xB33D19CA
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeLo: 0x0CBDEC0F
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01D901CE
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\StartTimeHi: 0x01D901CF
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0xB341C420
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeLo: 0x0CC297B7
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01D901CE
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}\EndTimeHi: 0x01D901CF
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0\Version: 0x000B000B
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\GPO-List\0\Version: 0x000C000C
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\LastPolicyTime: 0x0158545A
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\Status\GPExtensions\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\LastPolicyTime: 0x0158545
Improve this question
6
  • Hello ;-) are you trying to BLOCK applications from running or trying to the camera software to run? To open up your webcam or camera, select the Start button, select All apps, then select Camera in the list of applications.
    – vssher
    Commented Nov 20, 2022 at 19:11
  • I was trying to block it from running, I'm sorry for not specifying
    – tygo
    Commented Nov 20, 2022 at 19:15
  • Joe, Google this: How to Block UWP apps from running in Windows 10 there are Windows web sites, etc. your choice, good luck
    – vssher
    Commented Nov 20, 2022 at 19:30
  • All those links are purple my guy, and as i mentioned: I can't find the solution online
    – tygo
    Commented Nov 20, 2022 at 19:34
  • I saw something called applocker tho, i might look into that tomorrow but im going to bed rn
    – tygo
    Commented Nov 20, 2022 at 19:36

1 Answer 1

Reset to default
1

See the article How to Use AppLocker to Block Microsoft Store Apps from Running in Windows 10. It explains every step of the process with detailed screenshots.

The following are just the bare steps to follow. Note that UWP apps are called in Windows "Packaged apps".

  • Ensure the Application Identity service is enabled and running
  • In the Local Security Policy (secpol.msc) in Application Control Policies > AppLocker, Configure rule enforcement, enable Packaged app Rules
  • In the Packaged app Rules context menu, use Create Default Rules, and then Create New Rule for a specific user account/group/everyone to Deny, then select the apps to deny.
  • When finished, close the Local Security Policy window.

The final state will look similar to this :

enter image description here

Improve this answer
4
  • See also Policy Plus - a free open-source tool that gives you access to the Group Policy Editor in Windows Home. See How to Access the Group Policy Editor in Windows Home for a write-up.
    – harrymc
    Commented Nov 21, 2022 at 10:21
  • @joe you could try this i personally run Windows 10 home with gpedit and local security policy, i get it to work with this guide in the second method Note: you need Windows update enabled to be able to download gpedit correctly since dism.exe uses Windows update service by default to download it.
    – user1697214
    Commented Nov 21, 2022 at 17:33
  • Thanks, I haven't tried this and with several other ways I kinda fucked some apps up but is there an option to do this automatically without the GUI, as in registry, command prompt or Powershell, I'm writing a script that blacklists apps from opening
    – tygo
    Commented Nov 21, 2022 at 19:48
  • AppLocker settings are stored in the registry, see one source. I suppose you could create the policy and then check what changed.
    – harrymc
    Commented Nov 21, 2022 at 20:46

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .