Monday, January 5, 2015

Locking down software

software restriction policy

  • designed for legacy Windows (XP, earlier Win2k8)
  • fairly easy to bypass
  • all apps allowed by default
    • make specific restrictions


applocker

  • designed for Win7/8, W2k8 R2, Win12 and greater
  • less easy to bypass
  • all apps denied by default
    • create default rules so basic apps can run, to avoid locking yourself out of the system

Check indicates active status.

New path rule - can be bypassed by moving files to a different path.

Hash rule - uses the application's calculated hash, but the hash changes whenever the version changes.

Applocker (use with win 2008 R2/Win 7)

In the same policy, when both a software restriction policy and an AppLocker policy are used, the software restriction policy will be ignored. Use separate policies for each of them; for backward compatibility you still need to use software restriction policies.

The first thing to do before enabling it is to create an "allow" rule to override the "deny all" default rule. This allows everything in the Windows and Program Files folders to run.

Although enabled, AppLocker has no effect until rules exist and the Application Identity service is running on the workstation.

Automatically create rules - scans for installed apps and allows them to run; the rules are generated automatically. Useful for programs outside the Windows and Program Files folders.

Deny rule

Deny running notepad.exe but allow other apps to run.

Enable the Application Identity Services

Enable it in the same policy.

Or, as a second option, enable it in the Control Panel services settings.

Finally, an AppLocker policy takes time to take effect, in contrast to other policy settings.
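The whole sequence from this post (default "allow" rules for the Windows and Program Files folders, a deny rule for notepad.exe, starting the Application Identity service, then applying and re-checking the policy), as an added PowerShell example that is not part of the original post. It assumes an elevated prompt on Windows 7/2008 R2 or later with the AppLocker cmdlets available; the rule names and GUIDs are made up for this example.

```powershell
# Build an AppLocker "Exe" rule collection as XML. The three Allow rules mirror the
# default rules the post describes; the Deny rule for notepad.exe is path-based, so
# (as the post notes for path rules) it only covers notepad at this exact path.
# In AppLocker a matching Deny rule always wins over a matching Allow rule.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51" Name="Allow Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="Allow Windows folder"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2" Name="Administrators run all"
                  Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="5e3b6a5f-1d38-4e3a-9a3e-2f3c6b0a7d01" Name="Deny notepad"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%WINDIR%\notepad.exe" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@
$policyPath = Join-Path $env:TEMP 'applocker-exe.xml'   # scratch file, made up for this example
$policyXml | Set-Content -Path $policyPath -Encoding UTF8

# Dry run first: ask AppLocker what this policy would decide for a few Windows binaries
# before anything is enforced. Each row shows FilePath, PolicyDecision and MatchingRule.
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path @(
    "$env:WINDIR\notepad.exe",
    "$env:WINDIR\System32\calc.exe"
) | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# AppLocker does nothing until the Application Identity service (AppIDSvc) is running.
# sc.exe is used for the startup type because newer Windows builds reject Set-Service here.
sc.exe config AppIDSvc start= auto | Out-Null
Start-Service -Name AppIDSvc

# Merge the rules into the local policy (use -Ldap with a GPO path for domain policies),
# force a Group Policy refresh, then confirm the deny rule is present in the effective policy.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
gpupdate /force | Out-Null
Get-AppLockerPolicy -Effective -Xml | Select-String -Pattern 'Deny notepad'
```

Because AppLocker lags behind other policy settings, as the post says, the final Get-AppLockerPolicy check may need to be repeated after a short wait before the rule shows up.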