Application whitelisting in Windows 7 and Windows Server 2008 R2
- 06 November, 2009 12:21
- Comments
Microsoft's AppLocker, the application control feature included in Windows 7 and Windows Server 2008 R2, is an improvement on the Software Restriction Policies (SRP) introduced with Windows XP Professional. AppLocker allows application execution rules and exceptions to them to be defined based on file attributes such as path, publisher, product name, file name, file version, and so on. Policies can then be assigned to computers, users, security groups, and organizational units through Active Directory.
Reporting is limited to what can be pulled from log files, and creating rules for file types not defined in AppLocker can be difficult. But AppLocker's biggest drawback is that it's limited to Windows 7 Enterprise, Windows 7 Ultimate, and Windows Server 2008 R2 clients. Windows 7 Professional can be used to create policy, but cannot use AppLocker to enforce rules on itself. AppLocker cannot be used to manage earlier versions of Windows, although both Windows XP Pro's SRP and AppLocker can be similarly configured to affect an enterprise-wide policy.
AppLocker can be configured locally using the Local Computer Policy object (gpedit.msc) or using Active Directory and Group Policy Objects (GPOs). Like a lot of Microsoft's latest Active Directory-enabled technologies, administrators will need at least one domain-joined Windows Server 2008 R2 or Windows 7 computer to define and administer AppLocker. Windows 7 computers will need the Group Policy Management console feature installed as part of the Remote Server Administration Tools (RSAT) for Windows 7 (a free download). AppLocker relies on the built-in Application Identity service, which is normally set to manual startup type by default. Administrators should configure the service to start automatically.
Within the local or group policy object, AppLocker is enabled and configured under the \Computer Configuration\Windows Settings\Security Settings\Application Control Policies container.
By default, when enabled, AppLocker rules do not allow users to open or run any files that are not specifically allowed. First-time testers will benefit by allowing AppLocker to create a default set of "safe rules" using the Create Default Rules option. The default rules allow all files in Windows and Program Files to run, along with allowing members of the Administrators group to run anything.
One of the most notable improvements over SRP is the ability to run AppLocker against any participating computer using the Automatically Generate Rules option to quickly generate a baseline set of rules. In a few minutes, dozens to hundreds of rules can be created against a known clean image, saving AppLocker administrators anywhere from hours to days of work.
Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.
- Bookmark this page
- Share this article
- Got more on this story? Email ARN
- Follow ARN on twitter
- In Search of the Long-Term Archiving Solution —Tape Delivers Significant TCO Advantage over Disk
- Spectra Logic and Australian National University Success Story - March 2012
- Premier Media Group Fast Study
- Red Light In the Control Centre Saves Hours of Chaos
- Aberdeen Group: Building Business Resilience Through Active Archive
-
REVIEW: HTC Sensation - a powerful beast wrapped in a sturdy, aluminium shell
-
First look: Samsung Galaxy S III
-
Spotify tunes into Australia
-
Telstra and Navman Wireless extend GPS tracking partnership
-
World’s eyes on Aussie NBN: Conroy
Get exclusive access to ARN's news, research and invitation only events. 
Comments
Post new comment