VMware Horizon Community
jahegyi
Enthusiast
Enthusiast
‎02-03-2017 06:40 AM

Windows 10 - Issues with Start Menu, Taskbar and file type associations

Running into an issue with these settings applying and/or sticking on Windows 10 linked clones with UEM 9.1.

I have a LayoutModification.xml file that pins Office icons to the start menu and Taskbar.zip that removes Edge and adds IE that I am applying.

The LayoutModification applies successfully when a user logs in and their UEM profile is created. If they log out and log back in the icons are gone. Not sure what is going on. Now honestly, I could care less which one sticks. Originally I was trying to apply a modification with all icons removed and that didn't work at all. I can see in the flex engine logs where it is removing the shortcuts on logout, but they don't get reapplied when the user logs in again.

For the taskbar settings, the log shows that it finds the .zip and applies it but it does NOT apply when the user logs in for the first time. If they log out and log in again, however, it applies fine. So this is the opposite of above - applies on the subsequent logon and not the first one.

We have Adobe Reader DC baked into the gold image and I have file type associations set for pdf. Log shows it sees it and applies it yet everything still gets opened with edge. Refreshing FTA after logging in doesn't change anything.

Any ideas?

0 Kudos
1 Reply
tschuegy
Enthusiast
Enthusiast
‎02-28-2017 05:01 AM

We had facing the same or similar problems whith start menu and file type associations. What we did and worked for us:

Start menu layout

We created a file named "DefaultStartLayout.xml" with the following content(it is an example, modify it for your environment).

<?xml version="1.0" encoding="utf-8"?>


<LayoutModificationTemplate


    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"


    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"


    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"


    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"


    Version="1">


  <LayoutOptions StartTileGroupsColumnCount="1" />


  <DefaultLayoutOverride>


    <StartLayoutCollection>


      <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">


        <start:Group Name="Microsoft Office" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">


          <start:DesktopApplicationTile Size="2x2" Column="2" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016\Excel 2016.lnk" />


          <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016\Word 2016.lnk" />


          <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016\Outlook 2016.lnk" />


          <start:DesktopApplicationTile Size="2x2" Column="0" Row="2" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016\PowerPoint 2016.lnk" />


        </start:Group>


      </defaultlayout:StartLayout>


    </StartLayoutCollection>


  </DefaultLayoutOverride>


  <CustomTaskbarLayoutCollection PinListPlacement="Replace">


    <defaultlayout:TaskbarLayout>


      <taskbar:TaskbarPinList>


        <taskbar:DesktopApp DesktopApplicationLinkPath="%appdata%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />


        <taskbar:DesktopApp DesktopApplicationLinkPath="%appdata%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />


      </taskbar:TaskbarPinList>


    </defaultlayout:TaskbarLayout>


  </CustomTaskbarLayoutCollection>


</LayoutModificationTemplate>

In our deployment process of the "golden image" we do the following command:

copy "%SourceDir%DefaultStartLayout.xml" "%SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows\Shell\LayoutModification.xml" /y

When a new user login an the user profile create, it take that settings as preference. But the user still can modify and this settings will not apply as policy. It will only applyed during the profile creation.

File type assosciations

1. Default app associations

We create a xml file named "DefaultAppAssociations.xml" with the following content:

<?xml version="1.0" encoding="UTF-8"?>


<DefaultAssociations>


  <Association Identifier=".3g2" ProgId="VLC.3g2" ApplicationName="VLC media player" />


  <Association Identifier=".3ga" ProgId="VLC.3ga" ApplicationName="VLC media player" />


  <Association Identifier=".3gp" ProgId="VLC.3gp" ApplicationName="VLC media player" />


  <Association Identifier=".3gp2" ProgId="VLC.3gp2" ApplicationName="VLC media player" />


  <Association Identifier=".3gpp" ProgId="VLC.3gpp" ApplicationName="VLC media player" />


  <Association Identifier=".669" ProgId="VLC.669" ApplicationName="VLC media player" />


  <Association Identifier=".a52" ProgId="VLC.a52" ApplicationName="VLC media player" />


  <Association Identifier=".aac" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".ac3" ProgId="VLC.ac3" ApplicationName="VLC media player" />


  <Association Identifier=".acrobatsecuritysettings" ProgID="AcroExch.acrobatsecuritysettings" ApplicationName="Adobe Reader XI" />


  <Association Identifier=".secstore" ProgID="AcroExch.SecStore" ApplicationName="Adobe Reader XI" />


  <Association Identifier=".api" ProgID="AcroExch.Plugin" ApplicationName="Adobe Reader XI" />


  <Association Identifier=".adt" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".adts" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".AIF" ProgId="VLC.aif" ApplicationName="VLC media player" />


  <Association Identifier=".AIFC" ProgId="VLC.aifc" ApplicationName="VLC media player" />


  <Association Identifier=".AIFF" ProgId="VLC.aiff" ApplicationName="VLC media player" />


  <Association Identifier=".amr" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".amv" ProgId="VLC.amv" ApplicationName="VLC media player" />


  <Association Identifier=".aob" ProgId="VLC.aob" ApplicationName="VLC media player" />


  <Association Identifier=".ape" ProgId="VLC.ape" ApplicationName="VLC media player" />


  <Association Identifier=".asf" ProgId="VLC.asf" ApplicationName="VLC media player" />


  <Association Identifier=".ASX" ProgId="VLC.asx" ApplicationName="VLC media player" />


  <Association Identifier=".AU" ProgId="VLC.au" ApplicationName="VLC media player" />


  <Association Identifier=".avi" ProgId="VLC.avi" ApplicationName="VLC media player" />


  <Association Identifier=".b4s" ProgId="VLC.b4s" ApplicationName="VLC media player" />


  <Association Identifier=".bik" ProgId="VLC.bik" ApplicationName="VLC media player" />


  <Association Identifier=".bmp" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".caf" ProgId="VLC.caf" ApplicationName="VLC media player" />


  <Association Identifier=".cda" ProgId="VLC.cda" ApplicationName="VLC media player" />


  <Association Identifier=".cue" ProgId="VLC.cue" ApplicationName="VLC media player" />


  <Association Identifier=".dib" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".divx" ProgId="VLC.divx" ApplicationName="VLC media player" />


  <Association Identifier=".drc" ProgId="VLC.drc" ApplicationName="VLC media player" />


  <Association Identifier=".dts" ProgId="VLC.dts" ApplicationName="VLC media player" />


  <Association Identifier=".dv" ProgId="VLC.dv" ApplicationName="VLC media player" />


  <Association Identifier=".f4v" ProgId="VLC.f4v" ApplicationName="VLC media player" />


  <Association Identifier=".fdf" ProgID="AcroExch.FDFDoc" ApplicationName="Adobe Reader XI" />


  <Association Identifier=".flac" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".flv" ProgId="VLC.flv" ApplicationName="VLC media player" />


  <Association Identifier=".gif" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".gvi" ProgId="VLC.gvi" ApplicationName="VLC media player" />


  <Association Identifier=".gxf" ProgId="VLC.gxf" ApplicationName="VLC media player" />


  <Association Identifier=".htm" ProgId="IE.AssocFile.HTM" ApplicationName="Internet Explorer" />


  <Association Identifier=".html" ProgId="IE.AssocFile.HTM" ApplicationName="Internet Explorer" />


  <Association Identifier=".ifo" ProgId="VLC.ifo" ApplicationName="VLC media player" />


  <Association Identifier=".it" ProgId="VLC.it" ApplicationName="VLC media player" />


  <Association Identifier=".jfif" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".jpe" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".jpeg" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".jpg" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".jxr" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".M1V" ProgId="VLC.m1v" ApplicationName="VLC media player" />


  <Association Identifier=".m2t" ProgId="VLC.m2t" ApplicationName="VLC media player" />


  <Association Identifier=".m2ts" ProgId="VLC.m2ts" ApplicationName="VLC media player" />


  <Association Identifier=".M2V" ProgId="VLC.m2v" ApplicationName="VLC media player" />


  <Association Identifier=".m3u" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".m3u8" ProgId="VLC.m3u8" ApplicationName="VLC media player" />


  <Association Identifier=".m4a" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".m4p" ProgId="VLC.m4p" ApplicationName="VLC media player" />


  <Association Identifier=".m4r" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".m4v" ProgId="VLC.m4v" ApplicationName="VLC media player" />


  <Association Identifier=".mht" ProgId="IE.AssocFile.MHT" ApplicationName="Internet Explorer" />


  <Association Identifier=".mhtml" ProgId="IE.AssocFile.MHT" ApplicationName="Internet Explorer" />


  <Association Identifier=".MID" ProgId="VLC.mid" ApplicationName="VLC media player" />


  <Association Identifier=".MKA" ProgId="VLC.mka" ApplicationName="VLC media player" />


  <Association Identifier=".mkv" ProgId="VLC.mkv" ApplicationName="VLC media player" />


  <Association Identifier=".mlp" ProgId="VLC.mlp" ApplicationName="VLC media player" />


  <Association Identifier=".mod" ProgId="VLC.mod" ApplicationName="VLC media player" />


  <Association Identifier=".mov" ProgId="VLC.mov" ApplicationName="VLC media player" />


  <Association Identifier=".mp1" ProgId="VLC.mp1" ApplicationName="VLC media player" />


  <Association Identifier=".MP2" ProgId="VLC.mp2" ApplicationName="VLC media player" />


  <Association Identifier=".MP2V" ProgId="VLC.mp2v" ApplicationName="VLC media player" />


  <Association Identifier=".mp3" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".mp4" ProgId="VLC.mp4" ApplicationName="VLC media player" />


  <Association Identifier=".mp4v" ProgId="VLC.mp4v" ApplicationName="VLC media player" />


  <Association Identifier=".mpa" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".mpc" ProgId="VLC.mpc" ApplicationName="VLC media player" />


  <Association Identifier=".mpe" ProgId="VLC.mpe" ApplicationName="VLC media player" />


  <Association Identifier=".mpeg" ProgId="VLC.mpeg" ApplicationName="VLC media player" />


  <Association Identifier=".mpeg1" ProgId="VLC.mpeg1" ApplicationName="VLC media player" />


  <Association Identifier=".mpeg2" ProgId="VLC.mpeg2" ApplicationName="VLC media player" />


  <Association Identifier=".mpeg4" ProgId="VLC.mpeg4" ApplicationName="VLC media player" />


  <Association Identifier=".mpg" ProgId="VLC.mpg" ApplicationName="VLC media player" />


  <Association Identifier=".mpga" ProgId="VLC.mpga" ApplicationName="VLC media player" />


  <Association Identifier=".mpv2" ProgId="VLC.mpv2" ApplicationName="VLC media player" />


  <Association Identifier=".mts" ProgId="VLC.mts" ApplicationName="VLC media player" />


  <Association Identifier=".mtv" ProgId="VLC.mtv" ApplicationName="VLC media player" />


  <Association Identifier=".mxf" ProgId="VLC.mxf" ApplicationName="VLC media player" />


  <Association Identifier=".nsv" ProgId="VLC.nsv" ApplicationName="VLC media player" />


  <Association Identifier=".nuv" ProgId="VLC.nuv" ApplicationName="VLC media player" />


  <Association Identifier=".oga" ProgId="VLC.oga" ApplicationName="VLC media player" />


  <Association Identifier=".ogg" ProgId="VLC.ogg" ApplicationName="VLC media player" />


  <Association Identifier=".ogm" ProgId="VLC.ogm" ApplicationName="VLC media player" />


  <Association Identifier=".ogv" ProgId="VLC.ogv" ApplicationName="VLC media player" />


  <Association Identifier=".ogx" ProgId="VLC.ogx" ApplicationName="VLC media player" />


  <Association Identifier=".oma" ProgId="VLC.oma" ApplicationName="VLC media player" />


  <Association Identifier=".opus" ProgId="VLC.opus" ApplicationName="VLC media player" />


  <Association Identifier=".partial" ProgId="IE.AssocFile.PARTIAL" ApplicationName="Internet Explorer" />


  <Association Identifier=".pdf" ProgID="AcroExch.Document.11" ApplicationName="Adobe Reader XI" />


  <Association Identifier=".pdfxml" ProgID="AcroExch.pdfxml" ApplicationName="Adobe Reader XI" />


  <Association Identifier=".pdx" ProgID="PDXFileType" ApplicationName="Adobe Reader XI" />


  <Association Identifier=".pls" ProgId="VLC.pls" ApplicationName="VLC media player" />


  <Association Identifier=".png" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".qcp" ProgId="VLC.qcp" ApplicationName="VLC media player" />


  <Association Identifier=".ra" ProgId="VLC.ra" ApplicationName="VLC media player" />


  <Association Identifier=".ram" ProgId="VLC.ram" ApplicationName="VLC media player" />


  <Association Identifier=".rec" ProgId="VLC.rec" ApplicationName="VLC media player" />


  <Association Identifier=".rm" ProgId="VLC.rm" ApplicationName="VLC media player" />


  <Association Identifier=".RMI" ProgId="VLC.rmi" ApplicationName="VLC media player" />


  <Association Identifier=".rmvb" ProgId="VLC.rmvb" ApplicationName="VLC media player" />


  <Association Identifier=".rpl" ProgId="VLC.rpl" ApplicationName="VLC media player" />


  <Association Identifier=".s3m" ProgId="VLC.s3m" ApplicationName="VLC media player" />


  <Association Identifier=".sdp" ProgId="VLC.sdp" ApplicationName="VLC media player" />


  <Association Identifier=".SND" ProgId="VLC.snd" ApplicationName="VLC media player" />


  <Association Identifier=".spx" ProgId="VLC.spx" ApplicationName="VLC media player" />


  <Association Identifier=".svg" ProgId="IE.AssocFile.SVG" ApplicationName="Internet Explorer" />


  <Association Identifier=".thp" ProgId="VLC.thp" ApplicationName="VLC media player" />


  <Association Identifier=".tod" ProgId="VLC.tod" ApplicationName="VLC media player" />


  <Association Identifier=".ts" ProgId="VLC.ts" ApplicationName="VLC media player" />


  <Association Identifier=".tta" ProgId="VLC.tta" ApplicationName="VLC media player" />


  <Association Identifier=".tts" ProgId="VLC.tts" ApplicationName="VLC media player" />


  <Association Identifier=".url" ProgId="IE.AssocFile.URL" ApplicationName="Internet Browser" />


  <Association Identifier=".vlc" ProgId="VLC.vlc" ApplicationName="VLC media player" />


  <Association Identifier=".vob" ProgId="VLC.vob" ApplicationName="VLC media player" />


  <Association Identifier=".voc" ProgId="VLC.voc" ApplicationName="VLC media player" />


  <Association Identifier=".vqf" ProgId="VLC.vqf" ApplicationName="VLC media player" />


  <Association Identifier=".vro" ProgId="VLC.vro" ApplicationName="VLC media player" />


  <Association Identifier=".w64" ProgId="VLC.w64" ApplicationName="VLC media player" />


  <Association Identifier=".wav" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".wdp" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows-Fotoanzeige" />


  <Association Identifier=".webm" ProgId="VLC.webm" ApplicationName="VLC media player" />


  <Association Identifier=".website" ProgId="IE.AssocFile.WEBSITE" ApplicationName="Internet Explorer" />


  <Association Identifier=".wm" ProgId="AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" ApplicationName="Movies &amp; TV" />


  <Association Identifier=".wma" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".wmv" ProgId="VLC.wmv" ApplicationName="VLC media player" />


  <Association Identifier=".wpl" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier=".wv" ProgId="VLC.wv" ApplicationName="VLC media player" />


  <Association Identifier=".WVX" ProgId="VLC.wvx" ApplicationName="VLC media player" />


  <Association Identifier=".xa" ProgId="VLC.xa" ApplicationName="VLC media player" />


  <Association Identifier=".xdp" ProgID="AcroExch.XDPDoc" ApplicationName="Adobe Reader XI" />


  <Association Identifier=".xesc" ProgId="VLC.xesc" ApplicationName="VLC media player" />


  <Association Identifier=".xfdf" ProgID="AcroExch.XFDFDoc" ApplicationName="Adobe Reader XI" />


  <Association Identifier=".xht" ProgId="IE.AssocFile.XHT" ApplicationName="Internet Explorer" />


  <Association Identifier=".xhtml" ProgId="IE.AssocFile.XHT" ApplicationName="Internet Explorer" />


  <Association Identifier=".xm" ProgId="VLC.xm" ApplicationName="VLC media player" />


  <Association Identifier=".xspf" ProgId="VLC.xspf" ApplicationName="VLC media player" />


  <Association Identifier=".xvid" ProgId="AppX6eg8h5sxqq90pv53845wmnbewywdqq5h" ApplicationName="Movies &amp; TV" />


  <Association Identifier=".zpl" ProgId="AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs" ApplicationName="Groove Music" />


  <Association Identifier="ftp" ProgId="IE.FTP" ApplicationName="Internet Explorer" />


  <Association Identifier="http" ProgId="IE.HTTP" ApplicationName="Internet Explorer" />


  <Association Identifier="https" ProgId="IE.HTTPS" ApplicationName="Internet Explorer" />


  <Association Identifier="mk" ProgId="IE.HTTP" ApplicationName="Internet Explorer" />


  <Association Identifier="mswindowsmusic" ProgId="AppXtggqqtcfspt6ks3fjzyfppwc05yxwtwy" ApplicationName="Groove Music" />


  <Association Identifier="mswindowsvideo" ProgId="AppX6w6n4f8xch1s3vzwf3af6bfe88qhxbza" ApplicationName="Movies &amp; TV" />


  <Association Identifier="res" ProgId="IE.HTTP" ApplicationName="Internet Explorer" />


  <Association Identifier=".xml" ProgId="Applications\iexplore.exe" ApplicationName="Internet Explorer" />


</DefaultAssociations>

In our deployment process of the golden image, start the command.

dism /online /Import-DefaultAppAssociations:"%SourceDir%DefaultAppAssociations.xml"

Then, we set a computer GPO that blocks the installed Apps. We do that with the built-in AppLocker GPO.

Applocker.PNG

The xml export of this policy:

<AppLockerPolicy Version="1">


  <RuleCollection Type="Appx" EnforcementMode="Enabled">


    <FilePublisherRule Id="0e6eea19-cc66-4fbb-a20b-2f32ec81e63f" Name="microsoft.windowscommunicationsapps, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="0f9c9e5f-c705-4962-ae47-d30484a84f5c" Name="Windows.MiracastView, aus Microsoft Corporation" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Windows.MiracastView" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="101cc203-2324-4df8-96d5-3af8989cedef" Name="Microsoft.ZuneMusic, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneMusic" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="15aa8b40-e753-4e82-8099-3d0edebeec23" Name="Microsoft.Windows.CloudExperienceHost, aus CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.CloudExperienceHost" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="1ef96a93-4e5a-4f2b-ba37-7848c7bbb85c" Name="Microsoft.OneConnect, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.OneConnect" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="2d387cfc-4699-4f52-b040-6bf5c7ee0b51" Name="Microsoft.WindowsCamera, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCamera" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="461c4119-2435-4c1c-acf9-893f7ce7dfb3" Name="Microsoft.MicrosoftOfficeHub, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftOfficeHub" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="5a64162b-7456-4083-947a-2770f0fdf1d1" Name="Microsoft.XboxGameCallableUI, aus CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxGameCallableUI" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="6deee439-bf49-4957-82b4-a188ec05b43b" Name="Microsoft.MicrosoftSolitaireCollection, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftSolitaireCollection" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="72343993-8dca-4ab2-9650-d8a8f91853d4" Name="Microsoft.WindowsFeedbackHub, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsFeedbackHub" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="76f6e2f2-1da3-4a26-abfb-215729431f16" Name="Microsoft.Windows.Cortana, aus CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Cortana" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="7aedf224-997e-43bd-a60d-378a67c5e3e0" Name="Microsoft.WindowsAlarms, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsAlarms" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="830209ae-7748-4038-9681-da8f86fbd1a5" Name="Microsoft.StorePurchaseApp, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.StorePurchaseApp" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="882d3957-d789-480c-ae70-e0bb3f258ad3" Name="Microsoft.XboxApp, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxApp" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="9018b681-ca3f-498b-a094-d42e383b78b7" Name="Microsoft.WindowsMaps, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="96ad33ca-d49c-4836-9c44-350f18e42351" Name="Microsoft.MicrosoftStickyNotes, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftStickyNotes" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="97d1ee9d-f06a-4f68-862c-66ff2c1cc341" Name="Windows.ContactSupport, aus CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Windows.ContactSupport" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="a6da389f-2218-4d3f-84cd-657331c33e16" Name="Microsoft.Messaging, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Messaging" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Standardregel) Alle signierten App-Pakete" Description="Ermöglicht Mitgliedern der Gruppe &quot;Jeder&quot; das Ausführen von signierten App-Paketen." UserOrGroupSid="S-1-1-0" Action="Allow">


      <Conditions>


        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">


          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="aef37aa8-6c65-47a7-97f8-09725a6fa4bc" Name="Microsoft.ZuneVideo, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneVideo" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="b6ae156c-627e-45cc-a14b-ab5d9f233d05" Name="Microsoft.People, Version 10.0.0.0 und höher, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.People" BinaryName="*">


          <BinaryVersionRange LowSection="10.0.0.0" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="b907c2ba-926d-4186-b829-3ab398786f42" Name="Microsoft.SkypeApp, aus CN=Skype Software Sarl, O=Microsoft Corporation, L=Luxembourg, S=Luxembourg, C=LU" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Skype Software Sarl, O=Microsoft Corporation, L=Luxembourg, S=Luxembourg, C=LU" ProductName="Microsoft.SkypeApp" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="bc319c7e-119d-487e-bea0-7433e3bdf7dc" Name="Microsoft.BingWeather, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingWeather" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="c39e4c8e-f5f5-455e-a252-56cc68ca8bb0" Name="Microsoft.3DBuilder, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.3DBuilder" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="c79feb26-a3ca-4625-95e0-20362bd99785" Name="Microsoft.Windows.ContentDeliveryManager, aus CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.ContentDeliveryManager" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="ce824886-9442-4375-a8d8-d0a1dc6f6b8e" Name="Microsoft.WindowsStore, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsStore" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="d027f797-1454-4ecb-92f5-a591c4c2094b" Name="Microsoft.PPIProjection, aus CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.PPIProjection" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="d5d57c9f-a40d-423a-9e07-d27b68110e5b" Name="Microsoft.Windows.Photos, aus Microsoft Corporation" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Photos" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="da040b86-daa2-4855-ae07-d17fe3fd06f5" Name="Microsoft.WindowsSoundRecorder, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsSoundRecorder" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="e74c9b3b-4324-4261-831d-9f6e32df14da" Name="Microsoft.Office.OneNote, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.OneNote" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="e7936f27-091d-42c6-84fe-05a2cb721244" Name="Microsoft.Getstarted, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Getstarted" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="ecb70c86-ff24-46e7-8cea-f371f0b0c527" Name="Microsoft.XboxIdentityProvider, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxIdentityProvider" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


    <FilePublisherRule Id="f0ac2e4d-c4b8-4077-b5ce-bf53f934c099" Name="Microsoft.MicrosoftEdge, aus CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftEdge" BinaryName="*">


          <BinaryVersionRange LowSection="*" HighSection="*" />


        </FilePublisherCondition>


      </Conditions>


    </FilePublisherRule>


  </RuleCollection>


  <RuleCollection Type="Dll" EnforcementMode="NotConfigured" />


  <RuleCollection Type="Exe" EnforcementMode="NotConfigured">


    <FilePathRule Id="04c9bbb8-96c6-4ca4-bb53-7ccb7f56756d" Name="quickassist (Remotehilfe)" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">


      <Conditions>


        <FilePathCondition Path="C:\Windows\System32\quickassist.exe" />


      </Conditions>


    </FilePathRule>


    <FilePathRule Id="fcba07c3-0c33-4667-b051-0fb32a4df499" Name="All files" Description="Allows members of the local Administrators group to run all applications." UserOrGroupSid="S-1-1-0" Action="Allow">


      <Conditions>


        <FilePathCondition Path="*" />


      </Conditions>


    </FilePathRule>


  </RuleCollection>


  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />


  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />


</AppLockerPolicy>

Then disable Edge hijacking odf and html associations:

Here are a good articel for that: http://www.winhelponline.com/blog/edge-hijack-pdf-htm-associations/

0 Kudos