PCQuest : Top Stories : AppLocker

AppLocker

With this feature, administrators gain more control over what users can or can't run on their PCs. It can prevent users or a group of users from running specific executables, DLLs, or even .ocx files

Swapnil Arora

Tuesday, October 06, 2009

Print Comment Email Digg Del.icio.us Reddit Twitter

This new feature is also available in Windows Server 2008 R2 and is a replacement of the earlier feature known as 'Software restriction policies.' In AppLocker you can block executable files ie .exe and .com files, Windows installer files such as .msi and .msp, and DLL files i.e .dll and .ocx.

AppLocker supports three types of rules: Path Rules, Hash Rules and Publisher rules. Under Path rules, an application is identified by AppLocker through its path/location on the machine. Under Hash Rules, AppLocker creates a cryptographic hash of an application and uses it to identify the application.

A drawback of the Hash Rule is that if you update the application, its hash is likely to change. If you go ahead and do this, then you would also need to update the rule, to ensure that it works. Under the third rule, Publisher, the application is identified through the digital signature of the program which is issued by its developer. While using this rule you can block all products from the publisher or a particular product. It also allows administrators to specify the version number which should be blocked. Once a rule has been created, you simply need to select the groups or users you wish to block from accessing a particular application or deny installation rights to users.

How to use
Let's create a sample rule to block a program access by a particular group of users. You can access AppLocker under Local Security Policy which is present under administrative tools. Once you open Local Security policy, you shall find AppLocker under Application Control policies. Here you will be able to see all three options: Executable Rules, Windows Installer Rules and Script rules. To block a program, right click on Executable Rules and select 'Create New Rule' option.

This will launch a 'Create Executables Rules' wizard. In the second step it will ask you to select the action in the program ie Allow or Deny. Here select 'Deny' and select the group or user you wish to block from accessing this program. Next, it will ask you to choose the program condition. Here, since the program is already installed, select the Path option. Next you need to browse the executable of the program you wish to block, you can also select the folder where the executable file resides; in this case all files in the folder shall be blocked. Next, you can add exceptions if any, based on Publisher, Hash and Path rules. Finally click on Create to create the rule. Also please ensure that 'Application Identity' service is running, as it is required by AppLocker to work.

Next - Booting From Virtual Disks

Page(s) 1




	Moving From XP or Vista to Win 7
	The Key Enhancements
	Installing Windows 7
	Tips and tricks for using Windows 7

Untitled Document

ZTE:Leading CDMA Technology

Extraordinary Networks:Freedom of Choice

	Other CyberMedia web sites [Dataquest] [Voice&Data] [CIOL] [Living Digital] [IDC India] [DQ Channels] [the DQweek] [CyberMedia India] [Global Services Media] [CyberMedia Events] [Cybermedia Digital] [CyberAstro] [BioSpectrum] [BioSpectrum Asia] [Computer Shopper] [College Buying Guide] [Voice&DataConnect]