This project is read-only.

BlockExecution still enabled after the installation

Topics: Archive - General
Feb 12, 2015 at 8:10 AM
Hi!

Any idea how I can disable the blockexecution? A restart does not help. Kind of stuck :-/
Feb 12, 2015 at 1:40 PM
Remove the corresponding "DebuggerValue" registry value for the blocked executable here under here: HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Marked as answer by StianM on 2/17/2015 at 2:14 AM
Feb 17, 2015 at 9:04 AM
Thanks man, works like a charm!
Feb 17, 2015 at 10:51 AM
By the way - does anyone know why this registry value is not deleted after application install?

[Pre-Installation] :: Set the Image File Execution Option registry key to block execution of [chrome.exe]. Block-AppExecution 11.02.2015 15:09:34 1 (0x0001)
[Pre-Installation] :: Return fully qualified registry key path [Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe] Convert-RegistryPath 11.02.2015 15:09:34 1 (0x0001)
[Pre-Installation] :: Set registry key value: [Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe] [Debugger = wscript.exe "C:\Users\Public\PSAppDeployToolkit\AppDeployToolkit_BlockAppExecutionMessage.vbs"] Set-RegistryKey 11.02.2015 15:09:34 1 (0x0001)


[Post-Installation] :: Remove the Image File Execution Options registry key to unblock execution of [].
Feb 17, 2015 at 10:54 AM
Nevermind - I used the full process name with the .exe file extension. Problem solved.
Marked as answer by StianM on 2/17/2015 at 2:54 AM
Feb 20, 2015 at 11:31 PM
Hello. I'm experiencing the same situation. The DebuggerValue registry value isn't being deleted after the application install. Any thoughts why?


Thank you in advance.
Feb 21, 2015 at 1:57 AM
sstanfie wrote:
Hello. I'm experiencing the same situation. The DebuggerValue registry value isn't being deleted after the application install. Any thoughts why?


Thank you in advance.
And this happens with version 3.6.0 of the script also.
Feb 24, 2015 at 8:21 AM
As I wrote in a previous post - try to use the full process name WITH the file extension. I.e. "chrome.exe" or "iexplore.exe".
Feb 24, 2015 at 5:18 PM
Edited Feb 24, 2015 at 5:43 PM
StianM wrote:
As I wrote in a previous post - try to use the full process name WITH the file extension. I.e. "chrome.exe" or "iexplore.exe".
Thank you for the reply. I already tried using the full process name WITH the file extension, but unfortunately I received same result. This is on Windows 7 x64 with Powershell 2.0. The Debugger value remains in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ and the app is blocked from launching. The log shows that the Debugger value is blank ("[])", and therefore not removed:
[Asynchronous] :: Remove the Image File Execution Options registry key to unblock execution of [].
The scheduled task runs C:\Users\Public\PSAppDeployToolkit\AppDeployToolkit_UnBlockApps.bat which contains the following:
powershell.exe -ExecutionPolicy Bypass -NoProfile -NoLogo -WindowStyle Hidden -File "C:\Users\Public\PSAppDeployToolkit\AppDeployToolkitMain.ps1" -CleanupBlockedApps -ReferringApplication "<$appVendor>_<$appName>_<$appVersion>_<$appLang>_<$appRevision>"
Running this batch file does not remove the registry Debugger value. Executing this command directly from Powershell results in the the following error:
Missing expression after unary operator '-'.
At line:1 char:2
+ - <<<< ExecutionPolicy Bypass -NoProfile -NoLogo -WindowStyle Hidden -File "C
:\Users\Public\PSAppDeployToolkit\AppDeployToolkitMain.ps1" -CleanupBlockedApps
 -ReferringApplication "<$appVendor>_<$appName>_<$appVersion>_<$appLang>_<$appR
evision>"
    + CategoryInfo          : ParserError: (-:String) [], ParentContainsErrorR
   ecordException
    + FullyQualifiedErrorId : MissingExpressionAfterOperator
Upgrading Powershell to 4.0 resolves the issue, but unfortunately that doesn't help my situation, since Powershell on my client machines is 2.0 and can't be upgraded at this time.
Feb 26, 2015 at 4:51 PM
I believe this is a bug when you specify only one process with -BlockExecution. I have worked around this bug by specifying a dummy process. For example, when I want to block execution of just Internet Explorer, I use 'iexplore,dummyapp' -BlockExecution
Mar 9, 2015 at 8:43 PM
Edited Mar 9, 2015 at 8:44 PM
Unblock all blocked apps:
[string]$regKeyAppExecution = 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
[psobject[]]$unblockProcessName = Get-ChildItem -Path $regKeyAppExecution -Recurse -ErrorAction 'SilentlyContinue' | ForEach-Object { Get-ItemProperty -LiteralPath $_.PSPath } | Where-Object { $_.Debugger -like '*AppDeployToolkit_BlockAppExecutionMessage*' }
        ForEach ($unblockProcess in $unblockProcessName) {
            $unblockProcess | Remove-ItemProperty -Name Debugger -ErrorAction 'SilentlyContinue'
        }