Tech

Guides
 

Configuring AppLocker in Server 2008 R2 and Windows 7

By Rick Vanover, Special to ZDNet Asia
Tuesday, September 15, 2009 12:19 PM
Windows Server 2008 R2's AppLocker feature allows additional policy configuration for software use on servers. Here's an overview of the enhanced functionality.

Starting with Windows Server 2008 R2 for server platforms and Windows 7 for desktop platforms, the Software Restrictions policies functionality has been replaced with AppLocker.

With AppLocker and Group Policy, you can define what files to prohibit from being executed; this can include scripts, installation files, and standard executables.

The management goodness of AppLocker is that it can be applied via Group Policy locally or via a domain-based GPO. AppLocker exists in the Computer Configuration section of Group Policy under Windows Settings | Security Settings | Application Control Policies. From there, the AppLocker configuration provides an enhanced Group Policy configuration as shown in Figure A.

Figure A

Click the image to enlarge.

Within this section of Group Policy, you can craft myriad individual configurations, including policies that permit or deny users or groups the ability to run a file, an installation, or a script. Further, you can set this with exceptions and apply it in a granular fashion in Active Directory. If you don't want a full deny, you can configure AppLocker to only audit the iteration of an installation file, a script, or a standard executable.

The AppLocker feature is new to Windows Server 2008 R2 and will not apply to operating systems older than Windows Server 2008 R2 or Windows 7. For older OSs, you can apply Software Restriction Policies via a separate group policy object.

Visit Microsoft's site for more information about AppLocker.

Rick Vanover is a Systems Administrator in Columbus, Ohio. He has more than 12 years of IT experience, and he focuses on virtualization, Windows-based server administration, and system hardware.



WORTHWHILE?

0

0 votes
Blog

Talkback 1 comments

Configuring AppLocker in Server 2008 R2 and Windows 7
Great subject matter, but there's barely any how-to here. Would love to see a much more detailed look at configuring AppLocker.
Posted by Simplify PC Solutions on Tuesday, September 22 2009 12:38 AM


Guest user

Guest user

Level: 
Joined: —
Already a member? Log in »



 

Loading...

Whitepapers/Case Studies

Downloads

Windows Server News



Tech Jobs Now!


Search for your ideal tech job:

Tags

  1. domain controller
  2. environment
  3. group policy
  4. hardware
  5. infrastructure / architecture management
  6. microsoft server 2003
  7. microsoft windows
  8. microsoft windows active directory
  9. microsoft windows powershell
  10. microsoft windows server
  11. microsoft windows server 2008
  12. network
  13. ohio
  14. rick vanover
  15. server
  16. server platforms
  17. servers
  18. storage
  19. tool
  20. virtualization