If you’re aware that AppLocker supports exceptions, you may have this thought.
Unseasoned AppLocker users often go for this approach, which can burn quite badly. Let’s give you some examples of incorrect ways that people attack it. The requirement sounds easy enough, but AppLocker can be a little bit tricky to get right with these parameters. Obviously it goes without saying that you’d need to turn on AppLocker (by enabling the App Identity service and configuring it for “Enforced” – both of which are covered in the article linked above) and create your required AD group ahead of time. Let’s take an example and use FTP – the FTP executable is only to be used by Administrators, and any users added to an “FTP Allow” Active Directory group. The commonest use case I see is that people want administrators to be able to run anything, but wish to restrict the use of certain system executables to “whitelist” groups. There are GPOs that can control some of these, but if AppLocker is your approach then it makes sense to leverage that.
#Windows 8.1 applocker windows
Think anything in the Windows system folders – the command prompt, Registry editor, FTP, subst, etc., etc.
Rather than discuss the ins and outs of each of these technology stacks (or even third-party tools that can extend these capabilities, such as Ivanti Application Control or Citrix WEM), I will simply link you to this article for further reading (which was actually written by me, despite what the author details may have you think!)Ī common requirement for any application management tool is to restrict system applications.
#Windows 8.1 applocker software
It superseded the old Software Restriction Policies and is itself slated to be replaced by Microsoft Defender Application Control, but as of today, it is still the recommended application management solution, particularly within multi-user environments. I have been asked about this a few times in the past, so thought I would quickly document it while it is fresh in my memory.ĪppLocker is Microsoft’s GPO-based technology that deals with application execution restriction.
0 kommentar(er)
