Saturday, 15 October 2016

Applocker



AppLocker is the successor of Software Restriction Policies introduced first in the Windows XP and Windows Server 2003 computers. The AppLocker can be used to allow or deny the execution of an application, file, EXE, DLL, etc. The AppLocker provides the following enhancements:

You can define the rules based on the attributed from a file. For example, you can allow execution of a file based on the publisher.
You can configure the AppLocker in Audit Mode.
A new user friendly user-interface can be used to configure AppLocker.
Requirement for AppLocker:
AppLocker works only on Windows 7 and Windows Server 2008 R2 computers. AppLocker is available only in the below mentioned editions:
     Windows 7 Ultimate/Enterprise
     Windows Server 2008 Standard/Enterprise/Datacenter
AppLocker requires a service to be running in background. The service name is Application Identifier or AppID. By default, this service is stopped and must be started for AppLocker to work.
To configure AppLocker, follow the steps:
    1. Go to Start > Run > GpEdit.msc
    2. Expand the following node/sub-node:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Application
    ControlPolicies\AppLocker
AppLocker rules are completely separate from Software Restriction Policy rules and cannot be used to manage previous versions of Windows.
AppLocker and Software Restriction Policies are separate. If AppLocker rules have been defined, then only those rules will be applied and Software Restriction Policies rules will be ignored.

1 comment: