For some time now there has been a really great security feature that was introduced in Windows Server 2003 and Windows XP. This feature was designed primarily to help administrators keep unwanted programs (like malware) off of their systems. No, this feature is not called AppLocker. :>) Instead, it was called: "Software Restriction Policies (SRPs)".
For myself, I both advocated and often used this feature in an attempt to take a very proactive stance in ensuring that systems did not become vassals of malware. Additionally, SRPs provided a really good platform from which you could ensure that users only executed approved applications on their systems, and for the occasional practical joke on the newbie. In other words, minus some shortcomings (like Link), SRPs should have been part of every Windows-heavy organization's DID (Defense-in-Depth) approach to security. Sadly, like so many other really great and helpful built-in security thingies, to my knowledge SRPs were never really used.
Based on my understanding, SRPs went unused primarily because of the time it took to create and maintain the restriction policies. I guess that is a valid excuse; after all, we IT'ers already spend a lot of our time trying to remove unapproved applications and cleaning up malware. :>) Luckily, Microsoft heard our complaints and decided to address the concerns with SRPs by introducing a Windows 7 feature called AppLocker.
Well, as Mark Russinovich was quoted as saying, "AppLocker is SRP on steroids". Hmmmmm... I do not know if I would go that far, but one of the more noticeable improvements is the ease with which you can create a white list of approved applications based on several aspects of metadata. In other words, it's a bit easier to maintain a draconian set of application restrictions regardless of how dynamic your environment is.
Hurray, let me be the first to greet our new Application Overlords!
In my next AppLocker post, I will talk about some of the finer points around using and configuring this feature. Later...
With more than ten years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Information Assurance, Windows automation, PKI, and IT security practices. Tyson is also the founding author of the Windows PowerShell Unleashed series and has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2006 Unleashed and Microsoft Windows Server 2008 Unleashed. He has also written many detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson has worked with and provided feedback on next-generation Microsoft technologies since their inception and has also played a key role in expanding the automation and security practices at CCO. Tyson also holds such certifications as the Certified Information Systems Security Professional (CISSP), the SANS Security Essentials Certification (GSEC), the SANS Certified Incident Handler (GCIH), and the MCTS (Application Platform, Active Directory, and Network Infrastructure).