A new Windows 7 feature called AppLocker attempts to address everything that is wrong with software restriction policies in previous versions of Windows. This article explains why software restriction policies are ineffective and how AppLocker can help.

Over the last several generations of Windows, if you wanted to restrict which applications users were allowed to run, your only real options were to use Software Restriction Policies, or a third party utility such as Bit9's Parity. The problem with using software restriction policies is that, to be perfectly frank, they really are not very good. While it is possible to lock down user workstations using software restriction policies it tends to be very difficult to create policies that the users can't easily circumvent.

I will never forget a conversation that I had with someone in Redmond many years ago. Software restriction policies were about to be introduced for the first time, and I had just seen them demonstrated for the first time. During the demo I had noticed that it would be fairly easy for a user to get around most of the types of policies that could be created, and I asked the presenter what good software restriction policies were if they were so easy to circumvent.

I was told that software restriction policies were in their first generation form, and that they would get better over time. I was also told that even though users could circumvent some of the policies that users wouldn't be able to do so by accident. They would have to perform deliberate actions to get around the policies, and at that point you could terminate them for violating your corporate security policy.

I have to tell you that the answer that I was given to my question really didn't make me feel any better, but I accepted the fact that software restriction policies were brand new, and assumed that they would be greatly improved in the next version of Windows.

To my disappointment, Microsoft only made minor changes to software restriction policies in Windows Vista and in Windows Server 2008. They added a new type of rule called network zone rules, and introduced a new security level called Basic User, but that was pretty much the extent of the changes.

The good news is that in Windows 7, Microsoft has finally redesigned software restriction policies. This newly redesigned feature has also been renamed to AppLocker. Do not expect AppLocker to be as comprehensive as third party desktop lockdown solutions, but it is quite a bit better than software restriction policies were.

Software Restriction Policy Shortcomings

Before you can really appreciate AppLocker, you need to understand what it was about software restriction policies that made them so terribly ineffective. Besides, AppLocker still supports the same types of rules as the software restriction policies did, so I think that it makes sense to give you a quick crash course in software restriction policy rules. Software restriction policies are made up of various types of rules.