I can't understand why regular domain users are being blocked from running anything as administrator. Something as simple as Command Prompt (Admin) gets you the blue error saying "this app has been blocked by your system administrator." Applocker isn't running. UAC is enabled. I don't have any group policy that would be blocking this. My only assumption is that I don't have something turned on through group policy or it is something with UEM. Maybe something disabled through OS Optimization? Has anyone ran into this issue?
You have application blocking enabled in UEM.
Try disabling it and see if the error goes away. (See screenshot) After you disable it, you need to restart the VM or run "C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" -UemRefreshApplicationBlocking
If both of those are disabled, have you check out if you have an Software Restriction Policies set?
rsop.msc and check your group policies coming down.
SRP is under:
GPO -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Software Restriction Policies
Also, check out application log on the desktop.
I booted up my golden image and it's the same result, so it isn't anything with UEM or group policy as far as I can tell. Perhaps it's the VMWare OS Optimization tool. Going to have to build a regular VM and test. Will report back.