App locker presentation_adam_drews_2010523
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

App locker presentation_adam_drews_2010523

on

  • 701 views

 

Statistics

Views

Total Views
701
Views on SlideShare
699
Embed Views
2

Actions

Likes
0
Downloads
11
Comments
0

1 Embed 2

http://www.slideshare.net 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

App locker presentation_adam_drews_2010523 Presentation Transcript

  • 1. CNS-594
    Adam Drews
    Windows 7 - AppLocker
    1
  • 2. What is it?
    Application control feature available in Windows 7 (Enterprise and Ultimate) and Windows Server 2008 R2
    Helps prevent the execution of unwanted and unknown applications
    Provides security, operational, and compliance benefits
    Allows for application whitelisting or blacklisting
    2
  • 3. 3
    Why do we need it?
    Prevent unlicensed software from running
    Prevent vulnerable, unauthorized applications from running
    Provide greater desktop configuration control
    Meet compliance regulations
  • 4. How does it work?
    Works with Windows Group Policy
    Has 2 rule actions: Allow or Deny
    3 Laws:
    Law 1: Explicit Deny
    Law 2: Explicit Allow
    Law 3: Implicit Deny
    Define policies based on Executables, Windows Installers, andScripts
    Executable Rule: Publisher, File Hash and Path
    Windows Installer Rules: MSIs and MSPs
    Script Rules: .PS1, .CMD, .JS, .BAT, and .VBS
    4
  • 5. How does it work? Continued
    3 steps:
    Setup AppLocker rules
    Turn on auditing or enforcement
    Enable “AppID” service on client machines
    5
  • 6. How does it work? Example 1
    Executable Rule (Publisher) - The application signing certificate is used to learn about the application.
    You can adjust what level of information you’ll allow for an application.
    6
  • 7. 7
    Example 1 - Continued
    I set the level to allow any version of Microsoft Excel with the filename EXCEL.EXE above version 12.0.6524.5003 (Excel 2007 and above) to be run by members of the Everyone group.
  • 8. 8
    References
    Microsoft Technet
    http://technet.microsoft.com/en-us/library/dd548340(WS.10).aspx
    The Lazy Admin
    http://thelazyadmin.com/blogs/thelazyadmin/archive/2009/05/21/windows-7-app-locker.aspx
    GPAnswers.com
    http://www.gpanswers.com/
    http://www.slideshare.net/CoreTrace/moskowitz-whitepaper-microsoft-app-locker-and-beyond