Assume that you install or deploy another image or operating system to a Surface Laptop that had Windows 10 S pre-installed. After setup is completed, you can't run anything (for example, any executable file or application) when you first sign in. Meanwhile, you receive the following error message:
Your organization used Device Guard to block this app.
This issue occurs because Windows 10 S only allows the running of Windows Store applications and certain executable files. When the new version of Windows is installed, it clears the Code Integrity (CI) policy in UEFI that was set by Windows 10 S. However, an additional restart is required for this to take effect.
To fix this issue, restart the operating system one more time, and the device will operate normally.
After the first sign-in, the system information tool (MSINFO32) will show the correct operating system that you just installed. But, because clearing this policy requires an additional restart, you encounter the error message about the application being blocked.
Note If you use any type of batch file, script, or other blocked executable during the first sign-in session to configure the deployment of Windows, it won't execute. Additionally, since Shutdown.exe isn't supported either, a manual restart of Windows may be only solution.
Article ID: 4032347 - Last Review: 2017, ജൂൺ 15 - Revision: 17