2. What is it?
- Application control feature available in Windows 7 (Enterprise and Ultimate) and Windows Server 2008 R2
- Helps prevent the execution of unwanted and unknown applications
- Provides security, operational, and compliance benefits
- Allows for application whitelisting or blacklisting

3. Why do we need it?
- Prevent unlicensed software from running
- Prevent vulnerable, unauthorized applications from running
- Provide greater desktop configuration control
- Meet compliance regulations

4. How does it work?
- Works with Windows Group Policy
- Has 2 rule actions: Allow or Deny
- 3 Laws:
  - Law 1: Explicit Deny
  - Law 2: Explicit Allow
  - Law 3: Implicit Deny
- Define policies based on Executables, Windows Installers, and Scripts
  - Executable Rule: Publisher, File Hash and Path
  - Windows Installer Rules: MSIs and MSPs
  - Script Rules: .PS1, .CMD, .JS, .BAT, and .VBS

5. How does it work? Continued
3 steps:
- Set up AppLocker rules
- Turn on auditing or enforcement
- Enable the “AppID” service on client machines

6. How does it work? Example 1
Executable Rule (Publisher) - The application signing certificate is used to learn about the application. You can adjust what level of information you’ll allow for an application.

7. Example 1 - Continued
I set the level to allow any version of Microsoft Excel with the filename EXCEL.EXE above version 12.0.6524.5003 (Excel 2007 and above) to be run by members of the Everyone group.
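
The three laws from slide 4 applied to the publisher rule from Example 1, as an added example that is not part of the original slides and is a simplified model, not AppLocker's own code. The publisher string, the sample files, the "Contractors" group and the inclusive treatment of the minimum version are assumptions made for illustration.

```python
from dataclasses import dataclass

def parse_version(v):
    """Turn '12.0.6524.5003' into a tuple that compares numerically."""
    return tuple(int(part) for part in v.split("."))

@dataclass(frozen=True)
class PublisherRule:
    action: str        # "Allow" or "Deny", the two rule actions
    group: str         # group the rule applies to
    publisher: str     # signer taken from the file's signing certificate
    file_name: str     # "*" matches any file name
    min_version: str   # "*" matches any version; otherwise an inclusive minimum (assumption)

    def matches(self, f, groups):
        if self.group not in groups or f["publisher"] != self.publisher:
            return False
        if self.file_name != "*" and f["file_name"].upper() != self.file_name.upper():
            return False
        if self.min_version != "*":
            return parse_version(f["version"]) >= parse_version(self.min_version)
        return True

def evaluate(rules, f, groups):
    """Apply the three laws in order; rule order in the list does not matter."""
    hits = [r for r in rules if r.matches(f, groups)]
    if any(r.action == "Deny" for r in hits):
        return "Deny (explicit)"     # Law 1: an explicit deny always wins
    if any(r.action == "Allow" for r in hits):
        return "Allow (explicit)"    # Law 2: otherwise an explicit allow permits
    return "Deny (implicit)"         # Law 3: nothing matched, so it is blocked

MS = "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"  # constructed sample value
RULES = [
    PublisherRule("Allow", "Everyone", MS, "EXCEL.EXE", "12.0.6524.5003"),  # Example 1
    PublisherRule("Deny", "Contractors", MS, "EXCEL.EXE", "*"),  # hypothetical deny rule
]
# Constructed sample files; an unsigned file has no publisher to match on.
EXCEL_2007 = {"publisher": MS, "file_name": "excel.exe", "version": "12.0.6524.5003"}
EXCEL_2003 = {"publisher": MS, "file_name": "EXCEL.EXE", "version": "11.0.8169.0"}
UNSIGNED = {"publisher": None, "file_name": "tool.exe", "version": "1.0.0.0"}

if __name__ == "__main__":
    for name, f in [("Excel 2007", EXCEL_2007), ("Excel 2003", EXCEL_2003), ("unsigned", UNSIGNED)]:
        print(name, "->", evaluate(RULES, f, {"Everyone"}))
    print("Excel 2007 as contractor ->", evaluate(RULES, EXCEL_2007, {"Everyone", "Contractors"}))
```

Because unsigned files never match a publisher condition, they fall through to the implicit deny unless a file hash or path rule covers them.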