4. Determining App List
A specific list of apps can be denied/allowed as well as allowing user to choose apps.
If the apps have been properly identified and denied, you will not be able to re-enable them from the GUI.
Get App package family names
Searching with the GUI name and AppPackage name
usually returns the
related package name. Use AppPackage Names list
to find the general package (then determine the PackageFamilyName
).
An example PackageFamilyName is Microsoft.MicrosoftEdge_8wekyb3d8bbwe
.
Get-AppPackage | Select Name,PackageFamilyName
Setting App List
Read the description for the GPO in question for all options.
GPO policy settings can be found in the registry at
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy
but are
not modifiable.
The identified package family names are added in the Force deny
section.
Example app privacy restriction using ConsentStore
A key needs to be made for each app to block. Valid values are Allow
and Deny
.
Base Registry location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\{PACKAGE FAMILY NAME}
Value
SZ
Deny
Updated: 2021-02-19
References