AppLocker
Key Features
Efficient: for example, you can easily configure a rule that lets a program run at a given version or later, which saves IT staff a lot of policy maintenance time. With AppLocker an administrator can conveniently control which programs can run on a computer, which files can be installed, and which scripts can run. Because AppLocker is managed and configured through Group Policy, rules can easily be deployed across the entire network environment, once and for all. AppLocker lets an enterprise IT administrator configure which applications can run on a computer, including programs, installation files and scripts. You can also restrict a company's products as a whole: for example, if Tencent's applications are restricted, then QQ, QQGAME, etc. cannot run.
Function
AppLocker provides three functions:
1. executable program control;
2. installer control;
3. script control.
Some readers who used Software Restriction Policies under XP may find this daunting, but AppLocker is easy to use.
Usage
1. This step is very important: it determines whether AppLocker takes effect at all. Right-click Computer → Manage → Services, find the Application Identity service and set its startup type to Automatic.
2. Click "Start" → "Run" and enter gpedit.msc to open the Group Policy Editor. The AppLocker Group Policy configuration item appears in the left pane.
3. Right-click each of "Executable Program Rules", "Installer Rules" and "Script Rules" and create the default rules.
4. Many people do not install their programs under C:\Program Files\*. What then? Right-click "Executable Program Rules" or "Script Rules" → New rule, select Allow or Deny, leave the user as the default Everyone (i.e., any user) → Next, then browse to your program or directory as the path (preferably a directory, so that a single rule is enough, such as D:\ProgramFiles\*) → Create.
5. The first time you use AppLocker, the machine must be restarted after setup (logging off is not enough) for the policy to take effect.
6. Done. You can visit any trojan-hosting website with IE or double-click any virus, as long as you do not put the virus in a path allowed by the rules above.
7. Question: what about NMW copying from the system directory? Impossible. The current user and the programs it runs cannot read the underlying disk, cannot read registry keys outside the HIPS, and cannot write to the system disk outside the user directory. In that sense UAC is a rigorous HIPS.
8. Question: I have some portable (no-install) software such as key generators, MD5 checkers, etc. that is not in the program installation directory, and I have not created Allow rules for it in AppLocker. Will it be a lot of trouble to use? Answer: not at all. Right-click it and run it as administrator.
Rule Meaning
1. Any user can run all executable files and scripts under C:\Windows\* and C:\Program Files\* (on a 64-bit system this also includes C:\Program Files (x86)\*).
2. Administrators can run programs in any location.
Note: Under these default rules, double-clicking a program located outside C:\Windows\* and C:\Program Files\* will not run it; it can only be started by right-clicking and choosing to run as administrator.
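The Usage steps and the default-rule behaviour above can be checked from PowerShell with the AppLocker module. This is an added example, not part of the original page; the Downloads folder is an assumed stand-in for a location outside the allowed paths, and D:\ProgramFiles is the page's own example directory.

```powershell
# Added example; run from an elevated PowerShell prompt.
Import-Module AppLocker

# Usage step 1: Application Identity (service name AppIDSvc) must be running,
# otherwise no AppLocker rule is enforced.
if ((Get-Service -Name AppIDSvc).Status -ne 'Running') {
    sc.exe config AppIDSvc start= auto | Out-Null   # startup type "Automatic"
    Start-Service -Name AppIDSvc
}

# Enforcement mode per rule collection in the effective (local + GPO) policy.
# "AuditOnly" means matching files are logged but still allowed to run.
[xml]$xml = Get-AppLockerPolicy -Effective -Xml
$xml.AppLockerPolicy.RuleCollection |
    Select-Object Type, EnforcementMode,
        @{ Name = 'RuleCount'; Expression = { $_.ChildNodes.Count } } |
    Format-Table -AutoSize

# Decision a standard user (Everyone) gets for real files in each location.
$policy = Get-AppLockerPolicy -Effective
$dirs   = "$env:WINDIR\System32", "$env:USERPROFILE\Downloads", 'D:\ProgramFiles'
foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    $files = @(Get-ChildItem -Path $dir -Filter *.exe -ErrorAction SilentlyContinue |
               Select-Object -First 5 | ForEach-Object { $_.FullName })
    if ($files.Count -eq 0) { continue }
    # PolicyDecision is Allowed, Denied or DeniedByDefault (no rule matched).
    Test-AppLockerPolicy -PolicyObject $policy -Path $files -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule |
        Format-Table -AutoSize
}
```

With only the default rules in place, files under System32 should report Allowed and files in the other locations DeniedByDefault until a path rule covers them.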
FAQ
Can I run some virus samples?
A: Yes, fully. The virus can only modify the user's temporary directory under Users.
On non-system disks: right-click → Properties → Security → Edit, and remove Modify, Write, Full control, special permissions, etc. from the Authenticated Users group, leaving only Read and Execute.
With this in place you can run any malware that does not require elevation (UAC does not prompt), but it cannot damage the system and cannot delete your important data.
Note: do not casually right-click and elevate unfamiliar programs unless you are completely confident in them.
I use Thunder to download a file to drive D, but it cannot be saved. What should I do?
A: No problem. Create a new directory used specifically for downloads, and give Authenticated Users Modify, Write and Full control on it.
Remember to download into that directory.
Other questions of this kind are handled the same way. For example, some people keep the eDonkey profile in the eDonkey installation directory, and eDonkey needs to write to its own directory. What should I do?
Give Authenticated Users Modify, Write and Full control on the eDonkey configuration directory config and on the DAT and INI files in the eDonkey installation root directory.
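A directory that standard users can write to should not also be covered by an Allow path rule, or anything saved there is allowed to run. The following audit is an added example, not part of the original page; it reads the effective policy and reports Allow path rules whose target directory is writable by Everyone, Authenticated Users or Users. Only the four AppLocker path variables listed are expanded.

```powershell
# Added example; run from an elevated PowerShell prompt.
Import-Module AppLocker
[xml]$xml = Get-AppLockerPolicy -Effective -Xml

# AppLocker's own path variables, mapped to this machine (upper case, as the
# rule wizard writes them). %PROGRAMFILES% is checked for the first of the
# two Program Files directories only.
$vars = @{
    '%WINDIR%'       = $env:WINDIR
    '%SYSTEM32%'     = "$env:WINDIR\System32"
    '%OSDRIVE%'      = $env:SystemDrive
    '%PROGRAMFILES%' = $env:ProgramFiles
}
$userSids  = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'  # Everyone, Authenticated Users, Users
# WriteData/CreateFiles, AppendData/CreateDirectories, GENERIC_WRITE, GENERIC_ALL
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
$sidType   = [System.Security.Principal.SecurityIdentifier]

foreach ($rule in $xml.SelectNodes("//FilePathRule[@Action='Allow']")) {
    # Rules scoped to Administrators only are not reachable by a standard user.
    if ($userSids -notcontains $rule.GetAttribute('UserOrGroupSid')) { continue }
    foreach ($cond in $rule.SelectNodes('Conditions/FilePathCondition')) {
        $path = $cond.GetAttribute('Path')
        foreach ($k in $vars.Keys) { $path = $path.Replace($k, $vars[$k]) }
        $dir = $path -replace '\\\*$', ''      # D:\ProgramFiles\* -> D:\ProgramFiles
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

        # ACEs on the directory itself (inherit-only ones cover what is below it).
        $writers = (Get-Acl -Path $dir).GetAccessRules($true, $true, $sidType) |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $userSids -contains $_.IdentityReference.Value -and
                ([int]$_.FileSystemRights -band $writeMask)
            } | ForEach-Object { $_.IdentityReference.Value }
        if ($writers) {
            New-Object psobject -Property @{
                Rule       = $rule.GetAttribute('Name')
                Directory  = $dir
                WritableBy = ($writers | Select-Object -Unique) -join ', '
            }
        }
    }
}
```

No output means no Allow path rule points at a directory whose own ACL grants those groups write access; subdirectories with their own explicit ACLs are not inspected.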
If I copy a file to drive D, will the copy fail?
A: You can copy it. UAC prompts before the copy; allow it and the copy goes through.
Someone may ask: can Firefox still upgrade itself? Isn't that modifying its own directory? Yes, it can upgrade, because UAC prompts before the upgrade; allow it and confirm.
If you rarely install software, say only one or two programs a month, you can also install your common software first and then do the following:
Start menu → Run, enter gpedit.msc and press Enter.
Expand Local Computer Policy → Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options, find "User Account Control: Only elevate executables that are signed and validated", select "Enabled" (the default is Disabled), click Apply and OK, then restart or log off.
After this, your common software runs normally, and even if you run a virus it does no harm, because it cannot obtain elevation.
Why do the rules not take effect after the policy is configured?
A: AppLocker requires the Ultimate or Enterprise edition of the system; the Professional edition does not support it. The Application Identity service must also be running.