App locker presentation_adam_drews_2010523


  1. CNS-594
     Adam Drews
     Windows 7 - AppLocker
  2. What is it?
     • Application control feature available in Windows 7 (Enterprise and Ultimate) and Windows Server 2008 R2
     • Helps prevent the execution of unwanted and unknown applications
     • Provides security, operational, and compliance benefits
     • Allows for application whitelisting or blacklisting
  3. Why do we need it?
     • Prevent unlicensed software from running
     • Prevent vulnerable, unauthorized applications from running
     • Provide greater desktop configuration control
     • Meet compliance regulations
  4. How does it work?
     • Works with Windows Group Policy
     • Has 2 rule actions: Allow or Deny
     • 3 Laws:
         Law 1: Explicit Deny
         Law 2: Explicit Allow
         Law 3: Implicit Deny
     • Define policies based on Executables, Windows Installers, and Scripts
         Executable Rule: Publisher, File Hash and Path
         Windows Installer Rules: MSIs and MSPs
         Script Rules: .PS1, .CMD, .JS, .BAT, and .VBS
  5. How does it work? Continued
     3 steps:
       1. Set up AppLocker rules
       2. Turn on auditing or enforcement
       3. Enable “AppID” service on client machines
  6. How does it work? Example 1
     • Executable Rule (Publisher) - The application signing certificate is used to learn about the application.
     • You can adjust what level of information you’ll allow for an application.
  7. Example 1 - Continued
     I set the level to allow any version of Microsoft Excel with the filename EXCEL.EXE above version 12.0.6524.5003 (Excel 2007 and above) to be run by members of the Everyone group.
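The three laws from slide 4 and the Excel publisher rule from slide 7 can be modelled in a few lines of Python. This is an added example, not code from the presentation and not AppLocker's own implementation. The class and function names, the publisher string, the "Kiosk Users" group and the sample file versions are constructed for illustration, and the version lower bound is modelled as inclusive.

```python
from dataclasses import dataclass

def ver(text):
    """'12.0.6524.5003' -> (12, 0, 6524, 5003) so versions compare numerically."""
    return tuple(int(p) for p in text.split("."))

def same(want, got):
    """Case-insensitive field match; '*' in a rule accepts any value."""
    return want == "*" or want.upper() == got.upper()

@dataclass(frozen=True)
class FileInfo:                    # constructed stand-in for a signed file's attributes
    publisher: str
    filename: str
    version: str

@dataclass(frozen=True)
class PublisherRule:               # hypothetical model of one publisher rule
    action: str                    # "Allow" or "Deny"
    group: str                     # group the rule applies to
    publisher: str = "*"
    filename: str = "*"
    min_version: str = "0.0.0.0"   # lower bound, modelled as inclusive

    def matches(self, f, groups):
        return (self.group in groups
                and same(self.publisher, f.publisher)
                and same(self.filename, f.filename)
                and ver(f.version) >= ver(self.min_version))

def evaluate(rules, f, groups):
    """Apply the three laws from slide 4 to one file and one user's groups."""
    if not rules:                  # a collection with no rules enforces nothing
        return "Allow (no rules)"
    hits = [r for r in rules if r.matches(f, groups)]
    if any(r.action == "Deny" for r in hits):
        return "Deny (explicit)"   # Law 1: an explicit deny always wins
    if any(r.action == "Allow" for r in hits):
        return "Allow (explicit)"  # Law 2
    return "Deny (implicit)"       # Law 3: nothing matched

# Constructed sample data: the Excel rule from slide 7 plus a Deny rule for a made-up group.
MS = "MICROSOFT CORPORATION"
RULES = [PublisherRule("Allow", "Everyone", MS, "EXCEL.EXE", "12.0.6524.5003"),
         PublisherRule("Deny", "Kiosk Users", MS, "EXCEL.EXE")]
excel_new = FileInfo(MS, "excel.exe", "14.0.4756.1000")
excel_old = FileInfo(MS, "EXCEL.EXE", "11.0.8169.0")

if __name__ == "__main__":
    for f, g in [(excel_new, {"Everyone"}), (excel_old, {"Everyone"}),
                 (excel_new, {"Everyone", "Kiosk Users"})]:
        print(f.filename, f.version, sorted(g), "->", evaluate(RULES, f, g))
```

The older Excel build is blocked by the implicit deny rather than by any Deny rule, which is why a whitelist only needs Allow rules for what should run.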