To implement AppLocker, you’re going to need a management station that is running Windows 7 or Windows Server 2008 R2 with the latest GPMC. AppLocker policies cannot be edited on earlier versions of Windows. You’ll also need to be running Windows 7 or Windows Server 2008 R2 on any client systems where you want to use AppLocker. If you’re using older versions of Windows, you’ll have to work with Software Restriction Policies since the older OS will ignore the AppLocker settings in a GPO.

Planning

First, you’re going to have to decide on what you would like to accomplish by implementing AppLocker. This is important because it will determine how you’re going to write your AppLocker rules. In my situation, I wanted to block malware from running in user profiles as well as preventing unauthorized software from being installed or run from USB media. There are two ways you can deploy your rules: Blacklisting and Whitelisting.

Blacklisting

Blacklisting in AppLocker lets you allow everything, but block specific applications, scripts, and Windows installers that you do not want to allow on your computers. (Microsoft recently published a whitepaper on how Microsoft IT did this internally.) This method will most likely cause the fewest headaches if you know exactly what you want to block. The downside is that you’ll have to generate a list of what you want to block and keep the list up to date. This method is also easier to circumvent if you’re using file paths to identify the application or file hashes that don’t include every version of an application.

Whitelisting in AppLocker lets you deny everything except for specific applications, scripts, and Windows installers you want to allow. Anything that is not included in your list will be blocked. This method will require a lot more upfront work to make sure that you don’t accidentally block something, but in the long run will stop more unauthorized applications from running.

Now that you’ve decided how you want to implement AppLocker, you need to identify the executables that you’ll need to allow or deny. (I’m probably going to use the term executable most often since my goal was to control applications.
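One way to identify the executables for a whitelist and check the result before anything is deployed, using the AppLocker PowerShell cmdlets. This is an added example, not code from the original post; the scan root, the output file name and the rule name prefix are assumptions.

```powershell
# Added example: inventory executables, draft whitelist rules, and test them offline.
# Nothing here changes the local or domain policy; it only writes a draft XML file.
Import-Module AppLocker   # needed on Windows 7 / Server 2008 R2 (PowerShell 2.0)

$scanRoot   = $env:ProgramFiles                              # assumed reference install location
$policyFile = Join-Path $env:TEMP 'applocker-draft.xml'      # hypothetical output file

# 1. Collect publisher, path and hash information for every .exe under the scan root.
$inventory = Get-AppLockerFileInformation -Directory $scanRoot -Recurse -FileType Exe

# 2. List unsigned files. They cannot get a publisher rule and fall back to a
#    hash rule, which has to be regenerated for every new version of the file.
Write-Output 'Unsigned executables (hash rules only):'
$inventory | Where-Object { -not $_.Publisher } | Select-Object Path

# 3. Draft allow rules: publisher where the file is signed, hash otherwise.
#    Path rules are left out on purpose, since they are the easiest to circumvent.
$inventory |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'Draft' -Optimize -Xml |
    Out-File -FilePath $policyFile

# 4. Test the draft against executables found in the current user profile.
#    Files with no matching allow rule should be reported as DeniedByDefault.
$candidates = Get-ChildItem -Path $env:USERPROFILE -Filter *.exe -Recurse `
                  -ErrorAction SilentlyContinue
if ($candidates) {
    $paths = $candidates | ForEach-Object { $_.FullName }
    Test-AppLockerPolicy -XmlPolicy $policyFile -Path $paths -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
} else {
    Write-Output "No executables found under $env:USERPROFILE to test."
}
```

The draft covers only the scanned directory, so it is not a complete whitelist: rules for the Windows directory have to be added before enforcement, or Windows' own binaries will be blocked.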