Advertisment

AppLocker

author-image
PCQ Bureau
New Update

This new feature is also available in Windows Server 2008 R2 and is a

replacement of the earlier feature known as 'Software restriction policies.' In

AppLocker you can block executable files ie .exe and .com files, Windows

installer files such as .msi and .msp, and DLL files i.e .dll and .ocx.

Advertisment

AppLocker supports three types of rules: Path Rules, Hash Rules and Publisher

rules. Under Path rules, an application is identified by AppLocker through its

path/location on the machine. Under Hash Rules, AppLocker creates a

cryptographic hash of an application and uses it to identify the application.

A drawback of the Hash Rule is that if you update the application, its hash

is likely to change. If you go ahead and do this, then you would also need to

update the rule, to ensure that it works. Under the third rule, Publisher, the

application is identified through the digital signature of the program which is

issued by its developer. While using this rule you can block all products from

the publisher or a particular product. It also allows administrators to specify

the version number which should be blocked. Once a rule has been created, you

simply need to select the groups or users you wish to block from accessing a

particular application or deny installation rights to users.

How to use



Let's create a sample rule to block a program access by a particular group

of users. You can access AppLocker under Local Security Policy which is present

under administrative tools. Once you open Local Security policy, you shall find

AppLocker under Application Control policies. Here you will be able to see all

three options: Executable Rules, Windows Installer Rules and Script rules. To

block a program, right click on Executable Rules and select 'Create New Rule'

option.

This will launch a 'Create Executables Rules' wizard. In the second step it

will ask you to select the action in the program ie Allow or Deny. Here select

'Deny' and select the group or user you wish to block from accessing this

program. Next, it will ask you to choose the program condition. Here, since the

program is already installed, select the Path option. Next you need to browse

the executable of the program you wish to block, you can also select the folder

where the executable file resides; in this case all files in the folder shall be

blocked. Next, you can add exceptions if any, based on Publisher, Hash and Path

rules. Finally click on Create to create the rule. Also please ensure that

'Application Identity' service is running, as it is required by AppLocker to

work.

Next -



Booting From Virtual Disks

Advertisment