Windows 8 Enterprise Features-AppLocker
AppLocker helps administrators control which applications and files users can run. These include executable files, scripts, Windows® Installer files, DLLs, Packaged apps and Packaged app installers.
What does AppLocker do?
Using AppLocker, you can:
- Define rules based on file attributes that persist across application updates such as the publisher name (derived from the digital signature), product name, file name and file version. You can also create rules based on the file path and hash.
- Assign a rule to a security group or an individual user.
- Create exceptions to rules. For example, you can create a rule that allows all users to run all Windows binaries to run except the Registry Editor (Regedit.exe).
- Use audit-only mode to deploy the policy and understand its impact before enforcing it.
- Create rules on a staging server, test them, then export them to your production environment and import them into a Group Policy Object.
- Simplify creating and managing AppLocker rules by using Windows PowerShell cmdlets for AppLocker.
AppLocker helps reduce administrative overhead and helps reduce the organization’s cost of managing computing resources by decreasing the number of help desk calls that result from users running unapproved applications. AppLocker addresses the following application security scenarios:
- Application inventory
AppLocker has the ability to enforce its policy in an audit-only mode where all application access activity is registered in event logs. These events can be collected for further analysis. Windows PowerShell cmdlets also help you analyze this data programmatically.
- Protection against unwanted software
AppLocker has the ability to deny applications from running when you exclude them from the list of allowed applications. Once AppLocker rules are enforced in the production environment any application that is not covered by the allow rules is blocked from executing.
- Licensing conformance
AppLocker can help you create rules that preclude unlicensed software from running and restricting licensed software to authorized users.
- Software standardization
AppLocker policies can be configured to allow only supported or approved applications to run on computers within a business group. This permits a more uniform application deployment.
- Manageability improvement
AppLocker includes a number of improvements in manageability as compared to its predecessor Software Restriction Policies (SRP). Importing and exporting policies, automatic generation of rules from multiple files, audit-only mode deployment and PowerShell cmdlets are a few of the improvements over SRP.