If you use AppLocker, ensure your environment trusts TrueDEM.

If a rule already applies to the end user with a PublisherCondition that allows all signed applications, no further action is needed (see box).

<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">


If you have individual policies in place, ensure that one is created for TrueDEM based on the description below.

Configuration

As an AppLocker administrator, make sure the TrueDEM Agent is installed on the device on which you configure the AppLocker rule.

  • Open Group Policy Editor (gpedit.exe)
  • Open Windows Settings / Security Settings / Application Control Policies / AppLocker / Packaged app Rules
  • Right click - Create New Rule


  • Click on Select and search for OfficeExpert. Afterwards, select the application and move the slider to the Publisher level (trusting any Package Name and any Package Version from panagenda)

 


  • If necessary, define Exceptions

  • Give the rule a proper name and click on Create


  • The new App Rule appears now in the list Packaged apps.


Note: The Rule will not work because the Publisher String gets truncated by the MMC UI. Microsoft confirmed that this is currently a known issue if an app has a PublisherString of more than 260 characters.
Because of that, you need to continue with the following steps.


  • Export the AppLocker Policy/Policies
    Right click on "AppLocker" and select Export Policy. Enter a name for the XML file.


  • The export contains all policies you have configured. Look for the TrueDEM rule you created.
    If you take a closer look, you will see that the PublisherName is truncated and that it ends with "Pr"



  • Replace the string with the following one and save the file.
E=office@panagenda.com, CN=panagenda GmbH, O=panagenda GmbH, STREET=Sonnenfelsgasse 13/9, L=Vienna, S=Vienna, C=AT, OID.1.3.6.1.4.1.311.60.2.1.1=Vienna, OID.1.3.6.1.4.1.311.60.2.1.2=Vienna, OID.1.3.6.1.4.1.311.60.2.1.3=AT, SERIALNUMBER=293516T, OID.2.5.4.15=Private Organization


  • Depending on how you test the configuration, you can either import this file (the same way you did with the export) on your local computer or put the XML into your OMA-URI Settings configuration in Endpoint Manager (formerly Intune)
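
The string replacement in the exported XML can also be scripted. The PowerShell below is an added example, not part of the original article or of panagenda's tooling; the function name Repair-TruncatedPublisher, the temporary file names and the sample export are hypothetical and constructed for illustration. It treats a PublisherName as truncated when it is a proper prefix of the complete publisher string given above.

```powershell
# Added example, not vendor code. Repair-TruncatedPublisher and the file names are hypothetical.
$FullPublisher = 'E=office@panagenda.com, CN=panagenda GmbH, O=panagenda GmbH, STREET=Sonnenfelsgasse 13/9, L=Vienna, S=Vienna, C=AT, OID.1.3.6.1.4.1.311.60.2.1.1=Vienna, OID.1.3.6.1.4.1.311.60.2.1.2=Vienna, OID.1.3.6.1.4.1.311.60.2.1.3=AT, SERIALNUMBER=293516T, OID.2.5.4.15=Private Organization'

function Repair-TruncatedPublisher {
    param([string]$Path, [string]$OutPath, [string]$Publisher)
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true
    $doc.Load($Path)                      # expects a full path to the exported policy
    $fixed = 0
    foreach ($cond in $doc.SelectNodes('//FilePublisherCondition')) {
        $name = $cond.GetAttribute('PublisherName')
        # A truncated value is a proper prefix of the full string. Requiring the CN
        # keeps "*" and other publishers' rules out of the match.
        if ($name -like '*CN=panagenda GmbH*' -and $name.Length -lt $Publisher.Length -and
            $Publisher.StartsWith($name, [StringComparison]::Ordinal)) {
            $cond.SetAttribute('PublisherName', $Publisher)
            $fixed++
        }
    }
    $doc.Save($OutPath)                   # write a corrected copy; the export stays untouched
    return $fixed
}

# Constructed sample export whose PublisherName is cut off at "Pr".
$tmp        = [System.IO.Path]::GetTempPath()
$exportFile = Join-Path $tmp 'applocker-export.xml'
$fixedFile  = Join-Path $tmp 'applocker-fixed.xml'
$truncated  = $FullPublisher.Substring(0, $FullPublisher.IndexOf('Private') + 2)
@"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Appx" EnforcementMode="Enabled">
    <FilePublisherRule Id="00000000-0000-0000-0000-000000000001" Name="TrueDEM" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="$truncated" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
"@ | Set-Content -LiteralPath $exportFile -Encoding UTF8

$count = Repair-TruncatedPublisher -Path $exportFile -OutPath $fixedFile -Publisher $FullPublisher
$after = ([xml](Get-Content -LiteralPath $fixedFile -Raw)).SelectSingleNode('//FilePublisherCondition').PublisherName
"Conditions corrected: $count; complete string present: $($after -eq $FullPublisher)"
```

To use it on a real export, pass the full path of the exported XML as -Path; rules for other publishers and wildcard rules are left unchanged.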




How do you verify that the rule is active on a computer?

  • Open PowerShell and issue the following command

Get-AppLockerPolicy -Effective | Select-Object -ExpandProperty RuleCollections



Check that you see the correct and complete PublisherCondition string.


How do you verify that the TrueDEM application is allowed?

  • Open PowerShell and issue the following command
    (Note: Extract the msixbundle file so that you have the msix file of the application available)


Test-AppLockerPolicy -PolicyObject (Get-AppLockerPolicy -Effective) -Path "C:\<path>\Panagenda.OfficeExpertProd.Package_1.25.2.0_x64\Panagenda.OfficeExpertProd.Package_1.25.2.0_x64.msix" -User Everyone


  • Verify that you see Allowed in the output