OfficeExpert Dashboard

Error rendering macro 'rw-search'

null

Versions Compared

Old Version 4

changes.mady.by.user stefan fried [panagenda]

Saved on

compared with

New Version 5

changes.mady.by.user stefan fried [panagenda]

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

If you use AppLocker, ensure your environment trusts TrueDEM.

If a rule exists where a PublisherCondition is set and configured for the end user allowing all signed applications, no further action is needed (see box).

Code Block
<FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">


If you have individual policies in place, ensure that one is created for TrueDEM based on description below.

Configuration

As an AppLocker Administrator, make sure you have the TrueDEM Agent installed on the Device in which you configure the AppLocker Rule.

  • Open GPO EditorGroup Policy Editor (gpedit.exe)
  • Open Windows Settings / Security Settings / Application Control Policies / AppLocker / Packaged app Rules
  • Right click - Create New Rule


  • Click on Select and search for OfficeExpert. Afterwards Select the Application and move the Slider to Publisher Level (trusting any Package Name and any Package Version from panagenda)

 


  • If necessary, define Exceptions

...

  • The new App Rule appears now in the list Packaged apps.

...


Info

Note: The Rule will not work because the Publisher String gets truncated by the MMC UI. Microsoft confirmed that this is currently a known issue if an app has a PublisherString of more than 260 characters.
Because of that you  need to continue with the following steps.


  • Export the Applocker Policy/Policies
    Right click on "AppLocker" and Select Export Policy.  Enter a name for the XML file.

Image Added


  • The Export contains all Policies you have configured. Look for the TrueDEM rule you created.
    If you take a closer look, the PublisherName is truncated and that it ends with "Pr"


Image Added


  • Exchange the String with the following one and save the file.
Code Block
E=office@panagenda.com, CN=panagenda GmbH, O=panagenda GmbH, STREET=Sonnenfelsgasse 13/9, L=Vienna, S=Vienna, C=AT, OID.1.3.6.1.4.1.311.60.2.1.1=Vienna, OID.1.3.6.1.4.1.311.60.2.1.2=Vienna, OID.1.3.6.1.4.1.311.60.2.1.3=AT, SERIALNUMBER=293516T, OID.2.5.4.15=Private Organization


  • Depending on how you test the configuration you can either Import this file (the same way you did with the Export) on your local Computer or you put the XML into your OMA-URI Settings configuration in Endpointmanager (former Intune) 


Image Added



How you verify if the Rule is active on a Computer ?

  • Open Powershell and issue the following command

Get-AppLockerPolicy -Effective | Select-Object -ExpandProperty RuleCollections

...


Image Added


Check if you see the correct and complete PublisherCondition String