The default rules allow all files in Windows and Program Files to run, along with allowing members of the Administrators group to run anything. First-time testers will benefit by allowing AppLocker to create a default set of “safe rules” using the Create Default Rules option. Within the local or group policy object, AppLocker is enabled and configured under the \Computer Configuration\Windows Settings\Security Settings\Application Control Policies container.īy default, AppLocker rules do not allow users to open or run any files that are not specifically allowed. Administrators should configure the service to start automatically. AppLocker relies on the built-in Application Identity service, which is normally set to manual startup type by default. You can configure AppLocker locally using the Local Computer Policy object (gpedit.msc) or via Active Directory and Group Policy Objects (GPOs). You can then assign policies to computers, users, security groups, and organizational units via Active Directory. AppLocker allows you to define application execution rules and exceptions based on file attributes such as path, publisher, product name, file name, file version, and so on. Also, for the sake of full disclosure, I’m a full-time employee at Microsoft.)ĪppLocker is an improvement on the Software Restriction Policies (SRP) introduced with Windows XP Professional. (You can read my part one, an overview of some of the security changes, and part two, covering XP Mode. This week, in part three of my ongoing series about Windows 7 security improvements, I’ll discuss AppLocker.
Microsoft’s most sophisticated solution to the problem is AppLocker, an application-control feature included in Windows 7 (Ultimate and Enterprise versions) and Windows Server 2008 R2. If they didn’t, malware wouldn’t be nearly as popular as it is today. If you leave the decision up to end-users, they will almost always make the wrong choice. The most effective means of thwarting these types of threats in an enterprise environment is preventing end-users from installing unapproved programs. These socially engineered Trojans come in the guise of anti-virus scanners, needed codecs for a media player, fake patches, and just about any other bait the bad guys can concoct to lure end-users into installing their Trojan file. Nope, most systems are infected because users are duped into intentionally installing programs that Web sites say they need.
Malicious Trojans continue to plague end-users’ desktops, yet most machines aren’t exploited due to missing patches (although this is the second biggest cause), unpatched zero days (almost never a factor), drive-by downloads, or misconfigurations. InstallerGeek created the topic: Windows 7 Security: What You Need to Know, Part Three
0 kommentar(er)
