jump to navigation

Creating Applocker Rules in Group Policy May 20, 2013

Posted by vbry21 in Microsoft Training, Windows 2012.
Tags:
trackback

One of the courses I teach is the Microsoft Windows 2012 Installing and Configuring course, the Microsoft designation is the 20410B

In the presentation, we look implementing App Locker Policies.

AppLocker, which was introduced in the Windows 7 operating system and Windows Server 2008 R2, is a security setting feature that controls which applications users are allowed to run.

AppLocker provides administrators a variety of methods for determining quickly and concisely the identity of applications that they may want to restrict, or to which they may want to permit access. You apply AppLocker through Group Policy to computer objects within an OU. You can also apply Individual AppLocker rules to individual AD DS users or groups.

 

AppLocker also contains options for monitoring or auditing the application of rules. AppLocker can help organizations prevent unlicensed or malicious software from executing, and can selectively restrict ActiveX® controls from being installed. It can also reduce the total cost of ownership by ensuring that workstations are standardized across the enterprise, and that users are running only the software and applications that are approved by the enterprise.

 

Using AppLocker technology, companies can reduce administrative overhead and help administrators control how users can access and use files, such as .exe files, scripts, Windows Installer files (.msi and .msp files), and DLLs.

 

You can use AppLocker to restrict software that:

 

  • Is not allowed to be used in the company. For example, software that can disrupt employees’ business productivity, such as social networking software, or software that streams video files or pictures that can use a large amounts of network bandwidth and disk space.

 

  • Is no longer used or it has been replaced with a newer version. For example, software that is no longer maintained, or for which licenses have expired.

 

  • Is no longer supported in the company. Software that is not updated with security updates might pose a security risk.

 

  • Should be used only by specific departments.

 

The demonstration is available at the BryanQA Youtube site

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: