AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that replaces Software Restriction Policies in earlier versions of Windows. Like Software Restriction Policies, AppLocker gives administrators control over which applications standard users can run. Restricting the applications that users can run not only gives greater control over the desktop environment, but it is one of the best ways to reduce the risk of malware infections, limit the possibility of running unlicensed software, and prevent users from running software that IT has not verified as meeting security compliance requirements.
Compared with Software Restriction Policies, AppLocker provides the following benefits:
■ Defines rules based on attributes in the digital signature, such as the publisher, filename, and version. This is a tremendously useful feature because it can allow administrators to let users run any version of a signed application, including future versions. For example, consider an IT department that develops and signs a custom application that users should be able to run. In earlier versions of Windows, administrators could create a rule based on the hash of the file, allowing users to run that specific version of the application. If the IT department released an update to the executable file, administrators would need to create a new rule for the update. With Windows 7, administrators can create a rule that applies to current and future versions, allowing updates to be quickly deployed without waiting for rule changes.
■ Assigns rules to security groups or individual users.
■ Creates exceptions for .exe files. For example, administrators can create a rule that allows any application to run except a specific .exe file.
■ Imports and exports rules, which allow administrators to copy and edit rules easily.
■ Uses the audit-only mode to identify files that would not be allowed to run if a policy were applied.
For more information about AppLocker, refer to Chapter 24.
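The benefits listed above can be seen together in one short workflow with the AppLocker PowerShell cmdlets. This is an added example, not taken from the original text: it builds a publisher rule for a signed in-house application, scopes it to a security group, switches the policy to audit-only, exports it, and tests it. The file path, group name, output file, and rule name prefix are hypothetical.

```powershell
# Hypothetical names: a signed in-house application, a security group, an export file.
$appPath = 'C:\Program Files\Contoso\LobApp\LobApp.exe'
$group   = 'CONTOSO\LobApp-Users'
$outFile = 'C:\Temp\LobApp-AppLocker.xml'

Import-Module AppLocker

# Read the publisher, product, file name and version from the file's signature.
$info = Get-AppLockerFileInformation -Path $appPath
if (-not $info.Publisher) {
    throw "$appPath is not signed; a publisher rule cannot be built for it."
}

# Build a publisher rule assigned to the group (no hash rule is generated).
[xml]$policy = New-AppLockerPolicy -FileInformation $info -RuleType Publisher `
    -User $group -RuleNamePrefix 'LobApp' -Xml

# Accept any version, so signed updates run without a rule change.
foreach ($range in $policy.SelectNodes('//BinaryVersionRange')) {
    $range.SetAttribute('LowSection', '*')
    $range.SetAttribute('HighSection', '*')
}

# Audit-only: record what the policy would block without blocking it.
foreach ($collection in $policy.SelectNodes('//RuleCollection')) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}

# Export the rules so they can be reviewed, edited and imported elsewhere.
$policy.Save($outFile)

# Dry run: how would the policy treat this file for a member of the group?
Test-AppLockerPolicy -XmlPolicy $outFile -Path $appPath -User $group |
    Format-List FilePath, PolicyDecision, MatchingRule

# Import into the local policy, merging with any rules already present.
Set-AppLockerPolicy -XmlPolicy $outFile -Merge

# Event ID 8003: the file ran, but would be blocked if rules were enforced.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 200 |
    Where-Object { $_.Id -eq 8003 } |
    Select-Object TimeCreated, Message
```

Audit events are only written while the Application Identity service is running, so start that service before reviewing the log.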