AppLocker feature resolution for Windows 7

AppLocker, the so-called "application control Strategy", is a new security feature added to Windows 7 systems. The AppLocker administrator makes it easy to configure which programs you can run on your computer, which files to install, and which scripts to run. Because AppLocker is managed and configured based on Group Policy, we can easily deploy it to the entire network environment, once and for all. The following author combines the example to test and analyze this function.

1, his experiment

We log on to the system as an administrator, and by default the user can run all programs, scripts, and installation of the software without restrictions. Here's a demo: There's a program named Bginfo.exe in the D-packing directory, and it's no doubt that it can run without deploying AppLocker. Then we deploy AppLocker to see the effect: Perform "start" → "Run" and enter Pedit.msc to open the Group Policy Editor. In the left pane, navigate to Computer configuration → Windows settings → security settings → application control, and you can see the AppLocker Group Policy configuration entry. There are three configuration rules under it: Executable rules, Windows Installer rules, and scripting rules. (Figure 1)

Click the "executable rules" Group Policy item and the rule is blank by default. Right-click in the pane to select Create Default rule to generate three rules that allow all users to run applications in the program Files folder, and to allow all users to run applications in the Windows folder; Allows administrator users to run all applications. To demonstrate the effect, we double-click on the third rule to select reject to confirm the exit. Then open the command prompt to run GPUpdate update Group Policy, and finally we run the Bginfo.exe program, we can see the pop-up Warning dialog box, the application run is banned. (Figure 2)