Windows 10: AppLocker Preventing Admin Account From Creating New Users

  1.    18 May 2016 #1


    I've got a problem. I've been tasked with creating a lightweight build of Windows 10 to run in kiosk mode here at work. I've got kiosk mode running well, where the only app the user has access to is Internet Explorer (using a custom shell). However, now I'm going through and trying to lock everything down to prevent the user from downloading and installing stuff, accessing C:\, etc.

    I've enabled AppLocker and auto-generated all the rules. I did this for Executables, Windows Installer Files as well as Pre-Packaged Apps; however, I'm running into a problem. Even though I have all the rules for the pre-packaged apps set to "allow" for the administrators group, it still won't allow me to create new users (any more) when using the built-in Administrator account. When I go to "Settings -> Users -> Create New User" the mouse wheel spins for a little bit and a window opens and closes instantly, but that's all.

    I ended up going into System32 Lusrmgr and creating a new admin account that way, but even after adding this new account to the admin group and signing out/in, rebooting, etc. this new admin account can't access any of the pre-packaged apps like the default Administrator account can.

    If I am understanding AppLocker and the rules for the pre-packaged apps correctly, since I have all the rules set to "allow" for the "builtin-administrators" group, shouldn't my new admin account have full privileges? Also, why can't the default administrator account create new users from "Settings -> Users"?

    Something doesn't seem to be working right to me...or I'm doing something wrong (very possible).

    Any help you can provide would be greatly appreciated.

  2.    03 Oct 2016 #2


    I ran across a similar issue with OS 10 version 1607. We tried this with a test user account and we blocked the apps we wanted to, but once we tried to log back into the device with our Admin account, not only was the app blocked but so was the Start menu for the Admin account, who should still have access to it.

    We took away the rule that we created and the issue still persisted, so I had to reimage the device and did the steps needed on a test machine to run things through Group Policy. Everything was going great on the test machine, but it was on version 1511, so importing the .xml to the test machine with 1607 did not work. So basically we found out you can't apply Group Policies set up on a 1511 machine and import them to a 1607 machine.

    We know the Kiosk mode won't work for us because we need more than one app on the device and need to broadcast it to a second monitor, which you cannot do in Kiosk mode. I was just curious if you have had any luck with AppLocker since your post? Sorry I am not providing a solution to your post, just wanted to converse since we are in very similar boats.
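
One way to check how the effective AppLocker policy treats packaged apps for a specific account, and what was actually blocked, using the cmdlets in the built-in AppLocker module. This is an added example, not something posted by either participant in the thread; the account name `KIOSK-PC\NewAdmin` is a placeholder and the script assumes an elevated PowerShell session on the affected machine.

```powershell
# Added diagnostic example; $Account is a hypothetical placeholder, not a name from the thread.
param([string]$Account = 'KIOSK-PC\NewAdmin')

# 1. Export the effective policy (local policy merged with any GPO) to a file,
#    because Test-AppLockerPolicy -XmlPolicy expects a path to an XML file.
$policyFile = Join-Path $env:TEMP 'effective-applocker.xml'
Get-AppLockerPolicy -Effective -Xml | Out-File -FilePath $policyFile

# 2. Show the enforcement mode of each rule collection.
#    "Appx" is the packaged-app collection; Exe and Msi are the other two
#    collections the first post generated rules for.
([xml](Get-Content -Raw -Path $policyFile)).AppLockerPolicy.RuleCollection |
    Select-Object Type, EnforcementMode |
    Format-Table -AutoSize

# 3. Evaluate every installed packaged app against that policy for the account.
#    Only denied results are listed: "Denied" means an explicit deny rule matched,
#    "DeniedByDefault" means no allow rule covered the package for this user.
Get-AppxPackage -AllUsers |
    Test-AppLockerPolicy -XmlPolicy $policyFile -User $Account -Filter Denied, DeniedByDefault |
    Select-Object FilePath, PolicyDecision, MatchingRule |
    Format-Table -AutoSize

# 4. Compare the simulation with what AppLocker actually enforced.
#    Event ID 8022 in this log records a packaged app that was blocked from running.
$filter = @{
    LogName = 'Microsoft-Windows-AppLocker/Packaged app-Execution'
    Id      = 8022
}
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, UserId, Message |
    Format-List
```

Step 3 is a simulation against the exported policy, while step 4 shows real enforcement decisions, so a package that appears in the event log but not in the simulation output is worth investigating first.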


