We look at restricting which programs other users of a computer can run, using AppLocker.
Note: AppLocker is only available in the Ultimate and Enterprise editions of Windows 7.
AppLocker is the successor of Software Restriction Policies, which were first introduced with Windows XP and Windows Server 2003. AppLocker can be used to allow or deny the execution of applications and files such as EXEs, DLLs, scripts and Windows Installer packages, per user or group. AppLocker provides the following enhancements:
The process
To create rules in AppLocker you need to be logged in as an Administrator. Click on Start, type gpedit.msc into the search box and hit Enter.
Under Local Computer Policy go to Computer Configuration \ Windows Settings \ Security Settings \ Application Control Policies \ AppLocker.
After clicking AppLocker you will see the overall controls for application rules in the right-hand pane. Under Configure Rule Enforcement, click the Configure rule enforcement link.
Fig C
Now, under AppLocker Properties, tick the Configured box under Executable rules, leave the mode set to Enforce rules, then click OK.
The next step is to block a particular operation. This can be done as a Group Policy on the domain, or by blocking an individual user from accessing a particular application on one computer.
The example here covers an individual user on a particular computer: blocking Windows Media Player for that user on that system.
From Fig C, scroll down the right-hand pane until you reach the Overview section. Under Overview, click Executable Rules; the rule list shown below appears. Right-click inside the white area and choose Create New Rule.
This opens the Create Executable Rules wizard. You can choose not to show the introduction screen the next time you open it.
Under Permissions, select the Deny radio button. Add the user you intend to deny via the small 'Select User or Group' box, click OK and continue to the next step.
You can choose between Publisher, Path or File hash as the rule condition. Select Path if you do not want the user (wumi) to run anything under the Windows Media Player folder, as shown below. Note that a path rule is the weakest of the three: it only applies to files at that location, so it is only meaningful if the user cannot write to that folder and cannot run a copy from somewhere else. On a standard (non-administrator) account the default rules take care of the second case, since they only allow executables under Program Files and Windows.
A message then pops up saying that the default rules have not been created yet. It is important to create them: once enforcement is on and a rule collection contains any rules, everything not explicitly allowed is blocked, so a collection holding only your deny rule would stop every executable for every user. Click Yes to this message as shown below.
Finally, open Services and make sure the Application Identity service (AppIDSvc) is started and set to start automatically, otherwise the rules will not be enforced. By default this service is not started, so you will need to enable it as shown below.
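The same configuration can be scripted. The following is an added example, not code from the original post: it builds the three default executable rules plus a Deny path rule for the user from an elevated PowerShell prompt on Windows 7, dry-runs the policy with Test-AppLockerPolicy, merges it into the local policy, and starts the Application Identity service. It assumes a local account named wumi (the name used in the post) and that Windows Media Player is installed under %PROGRAMFILES%\Windows Media Player; the rule names and temp file path are my own choices. New-AppLockerPolicy only generates Allow rules, which is why the Deny rule is written as AppLocker policy XML.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt
# on Windows 7 Ultimate/Enterprise. Assumptions: local user 'wumi', Windows Media
# Player installed under %PROGRAMFILES%\Windows Media Player.
Import-Module AppLocker

$user       = 'wumi'                                   # assumption: the account to restrict
$deniedPath = '%PROGRAMFILES%\Windows Media Player\*'  # AppLocker path variable, not %ProgramFiles% from the shell

# AppLocker rules are keyed on SIDs, so resolve the account name first.
$sid = (New-Object System.Security.Principal.NTAccount($user)).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value

# Helper: emit one FilePathRule element for the policy XML.
function New-PathRuleXml($Name, $Sid, $Action, $Path) {
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="$Name" Description="" UserOrGroupSid="$Sid" Action="$Action">
      <Conditions>
        <FilePathCondition Path="$Path" />
      </Conditions>
    </FilePathRule>
"@
}

# The three default executable rules the GUI offers to create, plus the deny rule.
# Without the defaults, an enforced collection containing only a deny rule blocks
# every EXE for every user, the administrator included.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
$(New-PathRuleXml '(Default Rule) All files located in the Program Files folder' 'S-1-1-0'      'Allow' '%PROGRAMFILES%\*')
$(New-PathRuleXml '(Default Rule) All files located in the Windows folder'       'S-1-1-0'      'Allow' '%WINDIR%\*')
$(New-PathRuleXml '(Default Rule) All files'                                     'S-1-5-32-544' 'Allow' '*')
$(New-PathRuleXml "Deny Windows Media Player for $user"                          $sid           'Deny'  $deniedPath)
  </RuleCollection>
</AppLockerPolicy>
"@

$policyFile = Join-Path $env:TEMP 'applocker-wmp-deny.xml'   # assumption: scratch location
$policyXml | Set-Content -Path $policyFile -Encoding UTF8

# Dry-run against the XML before touching the live policy. Expected: the deny rule
# matches for wumi, the Program Files default rule allows it for everyone else.
$wmp = Join-Path ${env:ProgramFiles} 'Windows Media Player\wmplayer.exe'
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $wmp -User $user
Test-AppLockerPolicy -XmlPolicy $policyFile -Path $wmp -User Everyone

# Merge into the local policy (keeps any rules already present), then make sure the
# Application Identity service is running and starts automatically, or nothing is enforced.
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Read back the effective policy to confirm the rule landed.
Get-AppLockerPolicy -Effective -Xml
```

Run the two Test-AppLockerPolicy lines first and check the PolicyDecision and MatchingRule columns; if the Everyone case comes back as Denied, the default rules are missing and applying the policy would lock the machine down. Dropping -Merge from Set-AppLockerPolicy replaces the whole local policy instead of adding to it.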