Software Restriction Policies
Software restriction policies work with:
XP
Vista
Windows 7
AppLocker ONLY works with:
Windows 7 Ultimate
Windows 7 Enterprise
Software Restriction Policies are located in Group Policy under:
Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies
Software Restriction Policies are very manual and labour intensive to maintain.
Which policy wins?
If AppLocker is in use, AppLocker beats Software Restriction Policies.
As a side note, the most specific policy is evaluated first, then the more general ones:
Hash Rules (most specific)
Certificate Rules
Path Rules
Network Zone Rules
Default Rules (most general)
Hash Rules:
Identify a file by its unique hash
Can control very specific applications, e.g. version 1, version 2, etc.
You have to update the rule manually every time a new executable (version) comes out, because the hash changes
Certificate Rules:
Control application usage by publisher
Very hard to defeat cryptographically
This will affect EVERY application by that publisher that has been SIGNED (the app must be signed for the rule to work)
Resource intensive, as the system has to do a lot of signature checking
Path Rules:
Allow you to control programs by the directory they are in
This can be beaten by moving the .exe to a different folder, so it is the weakest of the rule types
Network Zone Rules:
You can control applications based on where they have come from, e.g. the Internet
Only applies to .msi files and files downloaded via Internet Explorer
The Default Rules:
Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies\Security Levels
There are 3 security levels, of which you must pick one to make the default:
1. Disallowed
2. Basic user
3. Unrestricted
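The three identifiers that hash, certificate and path rules key on can be read off a file directly. This is an added example, not part of the original notes: it uses the AppLocker cmdlets (SRP itself has no PowerShell module, but its hash, certificate and path rules use the same three properties) to list them for calc.exe and for a copy of it in another folder, which shows which identifier survives a move. It assumes a Windows 7 Ultimate/Enterprise or Server 2008 R2 machine with a Microsoft-signed calc.exe in System32, as on a stock install; the scratch file name is made up.

```powershell
# Added example, not from the original notes. Lists the three properties that
# SRP and AppLocker rules key on (hash, publisher certificate, path) for a file
# and for a copy of it in another folder.
# Assumes the AppLocker cmdlets (Windows 7 Ultimate/Enterprise, Server 2008 R2
# or later) and a Microsoft-signed calc.exe in System32.
Import-Module AppLocker

$original = Join-Path $env:SystemRoot 'System32\calc.exe'
$copy     = Join-Path $env:TEMP 'moved_calc.exe'   # assumed scratch location
Copy-Item -Path $original -Destination $copy -Force

foreach ($file in @($original, $copy)) {
    $info = Get-AppLockerFileInformation -Path $file
    $sig  = Get-AuthenticodeSignature -FilePath $file
    New-Object PSObject -Property @{
        Path      = "$($info.Path)"        # Path rule: changes as soon as the file is moved
        Publisher = "$($info.Publisher)"   # Certificate/Publisher rule: taken from the signature
        Hash      = "$($info.Hash)"        # Hash rule: identical for every byte-for-byte copy
        Signature = $sig.Status            # must be Valid for a certificate rule to apply
    } | Select-Object Path, Publisher, Hash, Signature | Format-List
}

Remove-Item -Path $copy -Force
```

In the output only the Path line differs between the two files: the publisher and the hash are unchanged by the copy, which is why a path rule can be sidestepped by relocating a file while a hash or certificate rule cannot. The same listing also shows why hash rules need manual updates: a new build of the program produces a new Hash line but, if it is signed by the same publisher, the same Publisher line.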
AppLocker
Only works in Windows 7 Ultimate & Enterprise and Server 2008 R2
Local Computer Policy
Computer Configuration\Windows Settings\Security Settings\Application Control Policies\AppLocker
Rules can be targeted at users or groups
The Application Identity service MUST be running (default start type = Manual), otherwise the rules are not evaluated
Block rules ALWAYS override Allow rules
The AppLocker Properties window allows you to “Enforce Rules” or “Audit Only” (Audit Only lets you test before going live: would-be blocks are logged but nothing is stopped)
The AppLocker Properties window has 3 types of rules in it:
1. Executable Rules – control .exe and .com files
2. Windows Installer Rules – control .msi & .msp files
3. Script Rules – control .bat, .cmd, .js, .ps1 and .vbs files
None of these rules change administrative permissions, i.e. if you’re not allowed to install programs due to your user account permissions, these rules won’t affect that.
Each rule type has an option to set up an exception.
There is no exception for hash rules, though.
Publisher Rules – can be set to cover this version only, or this version and all future versions
Path Rules – pick a file or folder (similar to Software Restriction Policies)
File Hash Rules – also similar to Software Restriction Policies
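The AppLocker steps in these notes (service running, rules built, Audit Only test, then enforce) can all be driven from PowerShell with the AppLocker module. This is an added example, not part of the original notes: it builds Publisher and Hash rules for one application, sets the collection to Audit Only, dry-runs the policy, merges it locally, and reads the audit events back out. It assumes an elevated prompt on Windows 7 Ultimate/Enterprise or Server 2008 R2; the application folder, rule name prefix and output file names are made up.

```powershell
# Added example, not from the original notes: the AppLocker workflow described
# above, driven from an elevated PowerShell prompt on Windows 7
# Ultimate/Enterprise or Server 2008 R2. Folder and file names are assumptions.
Import-Module AppLocker

# 1. Application Identity service: default start type is Manual, and no AppLocker
#    rule is evaluated while it is stopped.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 2. Build Allow rules for the executables of one application. The -RuleType list
#    is an order of preference: Publisher for signed files, Hash for unsigned ones.
#    Path is left out on purpose, as it is the weakest identifier.
$appDir = 'C:\Program Files\ExampleApp'          # assumed application folder
$files  = Get-AppLockerFileInformation -Directory $appDir -FileType Exe -Recurse
$xml    = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash `
              -User Everyone -RuleNamePrefix ExampleApp -Optimize -Xml

# 3. Switch the generated collection to Audit Only so nothing is blocked yet.
#    This is the same setting as "Audit only" in the AppLocker Properties window.
[xml]$policy = $xml
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$policyPath = Join-Path $env:TEMP 'ExampleApp-AppLocker.xml'
$policy.Save($policyPath)

# 4. Dry run against real files before touching the live policy: each result
#    shows the decision and the rule that produced it.
$testFiles = Get-ChildItem -Path $appDir -Filter *.exe -Recurse |
             ForEach-Object { $_.FullName }
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $testFiles -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Merge into the local policy (still Audit Only) and keep a copy of the
#    effective policy for the change record.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
Get-AppLockerPolicy -Effective -Xml |
    Out-File (Join-Path $env:TEMP 'AppLocker-Effective.xml')

# 6. After a test period, read the audit events (ID 8003, "would have been
#    blocked") back out of the AppLocker event log and turn them into rules, so
#    nothing legitimate is missed before the collection is set to Enforce Rules.
Get-AppLockerFileInformation -EventLog `
        -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File (Join-Path $env:TEMP 'AppLocker-FromAudit.xml')
```

The generated Exe collection contains only the ExampleApp rules. Because AppLocker blocks everything a collection does not explicitly allow as soon as that collection contains any rule, the collection is kept in Audit Only here, and the console's default rules (which allow Windows and Program Files) would be added before switching it to Enforce Rules; the 8003 events from step 6 show exactly what that switch would have stopped.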