You start the Group Policy Management Console (GPMC) on a computer that is running Windows Vista, Windows Server 2008, or later versions of the Windows operating system. You use the Group Policy Management Editor window to edit Group Policy settings. In this scenario, the Run only allowed Windows applications Group Policy setting displays no entries. However, the entries for this setting are displayed if you edit Group Policy settings on a server that is running Windows Server 2003 or on a computer that is running Windows XP.
Regardless of the operating system, the Group Policy settings are applied correctly.
This issue occurs only when the following conditions are true:
- The network is a mixed environment of different operating systems, including the following:
  - Windows Server 2008
  - Windows Server 2008 R2
  - Windows Vista (RSAT)
  - Windows 7 (RSAT)
- The network also has at least one computer that is running one of the following operating systems:
  - Windows Server 2003
  - Windows Server 2003 R2
- You have previously edited the Group Policy setting on a computer that is running Windows XP or Windows Server 2003.
When these conditions are true, an issue prevents the Group Policy Management Editor window from correctly displaying the Run only allowed Windows applications setting on computers that are running Windows Vista, Windows Server 2008, or Windows 7.
To work around this issue, you can use one of the following methods.
Method 1: Use AppLocker or Software Restriction policies instead of this legacy policy
Windows 7 and Windows Server 2008 R2 introduced AppLocker to:
- Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment.
- Prevent users from installing and using unauthorized applications.
- Implement application control policy to satisfy security policy or compliance requirements in your organization.
Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 all support Software Restriction Policies (SAFER), which also control applications similarly to AppLocker. Both AppLocker and SAFER replace the legacy policy setting "Run only allowed Windows applications", which was originally designed for Windows 95 system policies.
For more information about AppLocker, please review:
Method 2: Re-create the setting on Windows 7 or on Windows Server 2008
To work around this issue, you will have to re-create the Run only allowed Windows applications Group Policy setting by using the Group Policy Management Editor window on a server that is running Windows Server 2008 or on a Windows 7-based computer. After the setting has been re-created, do not edit Group Policy settings on a server that is running Windows Server 2003 or on a Windows XP-based computer.
Method 3: Edit the setting on Windows Server 2003 or on Windows XP
To work around this issue, only edit the Run only allowed Windows applications Group Policy setting on a server that is running Windows Server 2003 or on a Windows XP-based computer.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.