VMware Horizon Community
JHBPJF
Enthusiast
Enthusiast
‎02-28-2018 02:36 PM
Jump to solution

This app has been blocked by your system administrator. - Windows 10 1709 + UEM

I can't understand why regular domain users are being blocked from running anything as administrator. Something as simple as Command Prompt (Admin) gets you the blue error saying "this app has been blocked by your system administrator." Applocker isn't running. UAC is enabled. I don't have any group policy that would be blocking this. My only assumption is that I don't have something turned on through group policy or it is something with UEM. Maybe something disabled through OS Optimization? Has anyone ran into this issue?

1 Solution

Accepted Solutions
JHBPJF
Enthusiast
Enthusiast
‎03-01-2018 12:18 PM
Jump to solution

I figured it out. It was the VMWare OS Optimization Tool. The tool changes ConsentPromptBehaviorUser to 0. This should be 1 for UAC prompts.

View solution in original post

7 Replies
techguy129
Expert
Expert
‎02-28-2018 10:37 PM
Jump to solution

You have application blocking enabled in UEM.

Try disabling it and see if the error goes away. (See screenshot) After you disable it, you need to restart the VM or run "C:\Program Files\Immidio\Flex Profiles\FlexEngine.exe" -UemRefreshApplicationBlocking

pastedImage_1.png

JHBPJF
Enthusiast
Enthusiast
‎03-01-2018 08:33 AM
Jump to solution

I assumed it was something Applocker/UEM Application Blocking enabled, but I don't have any of those on.

0 Kudos
techguy129
Expert
Expert
‎03-01-2018 08:48 AM
Jump to solution

If both of those are disabled, have you check out if you have an Software Restriction Policies set?

rsop.msc and check your group policies coming down.

SRP is under:

GPO -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Software Restriction Policies

Also, check out application log on the desktop.

JHBPJF
Enthusiast
Enthusiast
‎03-01-2018 09:17 AM
Jump to solution

Yah, nothing seems out of the ordinary. I'll work with Microsoft on this one. Thanks for trying.

0 Kudos
JHBPJF
Enthusiast
Enthusiast
‎03-01-2018 12:06 PM
Jump to solution

I booted up my golden image and it's the same result, so it isn't anything with UEM or group policy as far as I can tell. Perhaps it's the VMWare OS Optimization tool. Going to have to build a regular VM and test. Will report back.

0 Kudos
JHBPJF
Enthusiast
Enthusiast
‎03-01-2018 12:18 PM
Jump to solution

I figured it out. It was the VMWare OS Optimization Tool. The tool changes ConsentPromptBehaviorUser to 0. This should be 1 for UAC prompts.

fdrietatns
Enthusiast
Enthusiast
‎04-06-2018 11:49 AM
Jump to solution

Slow Clap - YouTube

0 Kudos