October 6, 2009



This new feature is also available in Windows Server 2008 R2 and replaces the
earlier feature known as ‘Software Restriction Policies’. With AppLocker you can
block executable files (i.e. .exe and .com files), Windows Installer files such
as .msi and .msp, and DLL files (i.e. .dll and .ocx).

AppLocker supports three types of rules: Path Rules, Hash Rules and Publisher
Rules. Under Path Rules, AppLocker identifies an application by its
path/location on the machine. Under Hash Rules, AppLocker creates a
cryptographic hash of an application and uses it to identify the application.

A drawback of the Hash Rule is that if you update the application, its hash
is likely to change. After such an update you also need to update the rule to
ensure that it still works. Under the third rule type, Publisher, the
application is identified through the program's digital signature, which is
issued by its developer. With this rule you can block all products from the
publisher or only a particular product. It also allows administrators to specify
the version number that should be blocked. Once a rule has been created, you
simply need to select the groups or users you wish to block from accessing a
particular application, or to whom you wish to deny installation rights.

How to use
Let’s create a sample rule that blocks a particular group of users from
accessing a program. AppLocker is found in Local Security Policy, which is
located under Administrative Tools. Once you open Local Security Policy, you
will find AppLocker under Application Control Policies. Here you will see all
three options: Executable Rules, Windows Installer Rules and Script Rules. To
block a program, right-click Executable Rules and select the ‘Create New Rule’
option.

This will launch a ‘Create Executables Rules’ wizard. In the second step it
will ask you to select the action for the program, i.e. Allow or Deny. Select
‘Deny’ and then select the group or user you wish to block from accessing this
program. Next, it will ask you to choose the program condition. Since the
program is already installed, select the Path option. Then browse to the
executable of the program you wish to block. You can also select the folder
where the executable file resides; in that case all files in the folder will be
blocked. Next, you can add exceptions, if any, based on Publisher, Hash and Path
rules. Finally, click Create to create the rule. Also ensure that the
‘Application Identity’ service is running, as AppLocker requires it in order to
work.
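
The same Deny path rule can also be built and checked from an elevated PowerShell prompt with the AppLocker cmdlets. This is an added example, not part of the original article; the group, program path, rule name and file name are placeholder assumptions.

```powershell
# Added example. Placeholders (assumptions): group, program path, rule name.
Import-Module AppLocker

$group    = 'BUILTIN\Users'                                 # group to block
$rulePath = '%PROGRAMFILES%\ExampleApp\example.exe'         # path as written in the rule
$realPath = "$env:ProgramFiles\ExampleApp\example.exe"      # same file, for testing

# AppLocker binds each rule to a SID, so translate the group name first.
$account = New-Object System.Security.Principal.NTAccount($group)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value

# One Deny path rule in the Executable Rules (Exe) collection.
# AuditOnly in this file: matches are logged rather than blocked, so the rule
# can be reviewed before the collection is switched to Enabled.
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny ExampleApp"
                  Description="Added example rule"
                  UserOrGroupSid="$sid" Action="Deny">
      <Conditions>
        <FilePathCondition Path="$rulePath" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyFile = Join-Path $env:TEMP 'deny-exampleapp.xml'
Set-Content -Path $policyFile -Value $xml -Encoding UTF8

# Dry run: report the policy decision for this file and user
# without changing anything on the machine.
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $realPath -User $group

# Merge the rule into the local policy, keeping the rules already there.
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge

# AppLocker needs the Application Identity service (AppIDSvc) to be running.
if ((Get-Service -Name AppIDSvc).Status -ne 'Running') {
    Start-Service -Name AppIDSvc
}

# Show the resulting local policy for review.
Get-AppLockerPolicy -Local -Xml
```

Once a rule collection is enforced, executables that no Allow rule matches are blocked as well, so confirm that suitable Allow rules exist in the Executable Rules collection before moving from audit to enforcement.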
