Among many other new goodies, Windows Server 2008 R2 brings us “AppLocker,” which is a re-branding of the Software Restriction Policies feature that’s been around for a few years now. This technology lets you restrict specific applications from being executed by Windows clients – either by creating a blacklist of prohibited apps, or a whitelist of allowed ones. AppLocker still lets you create path rules (which can consist of nothing more than a filename) and hash rules (which restrict apps based on a hash of the binary executable). So what’s different about AppLocker?
One difference is that with AppLocker’s “publisher rules,” you can access a variety of application properties that were unavailable with Software Restriction Policies: publisher and version number, for example. (This doesn’t work with all applications, however.)
For another thing, you can run an option that looks for all applications installed on your machine, and creates rules for those apps. This could be a timesaver if you want to go the “whitelist” route, which is more secure but also more time-consuming than creating a blacklist. For example, you could run this option against a “standard build” desktop if you use such a thing in your organization.
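The rule-generation workflow described above can also be scripted. The sketch below is an added example, not from the original post: it uses the AppLocker PowerShell cmdlets instead of the console option, prefers publisher rules, falls back to hash rules for files that cannot get a publisher rule, and then dry-runs the result. `$ScanRoot`, `$PolicyXml` and the `RefBuild` prefix are assumed values.

```powershell
# Added example: build and dry-run an allow-list from a reference ("standard build") machine.
# $ScanRoot, $PolicyXml and the 'RefBuild' prefix are assumptions; adjust for your environment.
Import-Module AppLocker

$ScanRoot  = $env:ProgramFiles
$PolicyXml = Join-Path $env:TEMP 'applocker-reference.xml'

# 1. Inventory every executable under the scan root.
$files = @(Get-AppLockerFileInformation -Directory $ScanRoot -Recurse -FileType Exe)

# Publisher is empty for unsigned binaries, so no publisher rule can be built for them.
$unsigned = @($files | Where-Object { -not $_.Publisher })
'{0} executables found, {1} without publisher information' -f $files.Count, $unsigned.Count

# 2. Generate allow rules: publisher rule where possible, hash rule otherwise.
#    -Optimize merges similar rules; -Xml returns the policy as text instead of an object.
$files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
                        -RuleNamePrefix 'RefBuild' -Optimize -Xml |
    Out-File -FilePath $PolicyXml

# 3. Dry run: evaluate the same executables against the generated policy file.
#    Nothing is applied to the machine at this point.
$paths = Get-ChildItem -Path $ScanRoot -Recurse -Filter *.exe -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName }

$results = Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $paths -User Everyone

# Summary of decisions, then the files that would not be allowed to run.
$results | Group-Object PolicyDecision | Select-Object Name, Count
$results | Where-Object { $_.PolicyDecision -ne 'Allowed' } |
    Select-Object FilePath, PolicyDecision
```

Review the generated XML and the dry-run output before importing the policy with `Set-AppLockerPolicy`; anything outside the scanned directory is not covered by these rules.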
So AppLocker isn’t hugely different from Software Restriction Policies, but it may be enough of an improvement that organizations that hesitated to use SRPs should take another look.
Glenn Weadock is a longtime instructor for Global Knowledge and teaches Windows 7, Server 2008, and Active Directory. He has recently co-developed with Mark Wilkins two advanced Server 2008 classes in the Microsoft Official Curriculum. Glenn also consults through his Colorado-based company Independent Software, Inc. and is technical director of MarketCoach Investment Education Software LLC.