Windows 10 domain policy issue from Windows XP & Vista days

It has been awhile since my last blog post. My co-workers and I were running into an issue where all the Windows Store Apps were crashing at startup. After looking at the event log, there was no information that helped me. I then dug in a little further and it turned out that the C:\Program Files\WindowsApps folder was missing the ALL APPLICATION PACKAGES group.

This was causing the application crashes. Once I added the group back in and gave it the appropriate permissions, the store apps were working again. Problem solved, right? Nope! Later that day, the problem occurred again. Now I knew something was overriding the security of the folder. Time to start digging. I looked in gpedit.msc (Group Policy Editor), but did not find anything about the Program Files or WindowsApps folders. I then tried rsop.msc (Resultant Set of Policy) and made progress.

Looks like there was a File System group policy that was overriding the whole Program Files folder. Now I wanted to know why this policy was there. After some googling, I found a Microsft Article and a random site detailing the policies. Turns out this was to restore security policies back to folders for user rights assignments and security templates over the time of a OS life-cycle. The second URL has the same configurations that are shown in the image, which made me assume that this was a default template. After discussing with IT, they decided to remove these policies from the domain server. I was then able to re-add the ALL APPLICATION PACKAGES group to the WindowsApps folder for the last time.