Like Software Restriction Policies, AppLocker policies are aslo used to block specific applications on a computer. We can apply this policy to all future version of the product, which are already blocked by the AppLocker. AppLocker Policies also known as Application Control Policies. AppLocker feature is available only in the Enterprise and Ultimate editions of the product.
To run AppLocker policies [For 'Windows 7' Pc]:
1) Click 'Start' → Control Panel → System and Security → Administrative Tools → Local Security Policy → Application Control Policies.
[This steps apply on 'View by' 'Category']
OR
Click 'Start' → Control Panel → Administrative Tools → Local Security Policy → Application Control Policies.
[This steps apply on 'View by' 'Large icons' or 'Small icons']
2) Expand 'Application Control Policies'.
3) Double click on 'AppLocker'.
Different rules under AppLocker are:
➤Executable Rules: This rule can apply only to .exe and .com file types. The default executable rules are path rules that allow everyone to execute all the application in the program file folder and Windows folder. The default rule also allows the user who has administrator rights to execute applications in any location on the computer.
➤Windows Installer Rules: Applicable for .msi and .msp file extensions. This rule blocks or allows software installation on your Computer. The default Windows Installer rule allows everyone to use digitally signed Windows Installer files and allows local Administrator user to run all .msi or .msp file. The default Windows Installer rule allows installation of any software and software updates through group policy.
➤Script Rules: Applicable for .ps1, .bat, .cmd, .vbs, and .js files. The default script rule allows the execution of all scripts located in the Program file folder and Windows folder and allows local Administrator to execute scripts in any location.
➤DLL Rule: Applicable for library files which have .dll and .ocx file extensions. Dll rules are not enabled by default in Windows 7. To enable the DLL rule, right click on AppLocker node → Then 'AppLocker Properties' window will come. → Click at 'Advanced' tab → Click at 'Enable the DLL rule collection' check box. → Apply → Ok.
⏩Hand on Practical-
[Perform the activity "To restrict an application through gpedit".]
1) Write down "gpedit.msc" from 'Run' Command window. [Press 'Windows' + 'R' key from keyboard → Write down "gpedit.msc" in the 'Run' command box → Press 'Ok' button.]
2) Then 'Local group Policy Editor' window will come.
3)Expand 'User Configuration' from left pane of 'Local Group Policy Editor'.
4) Expand 'Administrative Template' node under 'User configuration' and select 'System' node.
5) From the right pane of the window, double click on 'Don't run specified Windows application'.
6) Then 'Don't run specified Windows applications' dialog box will come. → Select 'Enabled' option to restrict Windows applications and then click 'Show' button.
7) Click 'Add' button and then type executable file name of the program that you want to restrict user from running. For example if you want to restrict a user from running Calculator application, type 'calc.exe'.
Click 'Ok' to apply the changes made.
3) Double click on 'AppLocker'.
Different rules under AppLocker are:
➤Executable Rules: This rule can apply only to .exe and .com file types. The default executable rules are path rules that allow everyone to execute all the application in the program file folder and Windows folder. The default rule also allows the user who has administrator rights to execute applications in any location on the computer.
➤Windows Installer Rules: Applicable for .msi and .msp file extensions. This rule blocks or allows software installation on your Computer. The default Windows Installer rule allows everyone to use digitally signed Windows Installer files and allows local Administrator user to run all .msi or .msp file. The default Windows Installer rule allows installation of any software and software updates through group policy.
➤Script Rules: Applicable for .ps1, .bat, .cmd, .vbs, and .js files. The default script rule allows the execution of all scripts located in the Program file folder and Windows folder and allows local Administrator to execute scripts in any location.
➤DLL Rule: Applicable for library files which have .dll and .ocx file extensions. Dll rules are not enabled by default in Windows 7. To enable the DLL rule, right click on AppLocker node → Then 'AppLocker Properties' window will come. → Click at 'Advanced' tab → Click at 'Enable the DLL rule collection' check box. → Apply → Ok.
⏩Hand on Practical-
[Perform the activity "To restrict an application through gpedit".]
1) Write down "gpedit.msc" from 'Run' Command window. [Press 'Windows' + 'R' key from keyboard → Write down "gpedit.msc" in the 'Run' command box → Press 'Ok' button.]
2) Then 'Local group Policy Editor' window will come.
3)Expand 'User Configuration' from left pane of 'Local Group Policy Editor'.
4) Expand 'Administrative Template' node under 'User configuration' and select 'System' node.
5) From the right pane of the window, double click on 'Don't run specified Windows application'.
6) Then 'Don't run specified Windows applications' dialog box will come. → Select 'Enabled' option to restrict Windows applications and then click 'Show' button.
7) Click 'Add' button and then type executable file name of the program that you want to restrict user from running. For example if you want to restrict a user from running Calculator application, type 'calc.exe'.
Click 'Ok' to apply the changes made.
---------------------------------0-------------------------------
No comments:
Post a Comment