Happy Monday everyone. It’s Day Nineteen of our Launch Series, which means that there are only three more days until Windows 7 appears on store shelves! Today, we’re going to provide a really quick overview of AppLocker, which is a new feature in Windows 7 and Windows Server 2008 R2. AppLocker replaces the Software Restriction Policies (SRP’s) that many of you are probably familiar with. With AppLocker, an administrator has the ability to control how users run all types of applications – scripts, excecutables, Windows Installer files (.msi and .msp files) and Dynamic Link Libraries (DLL’s). Seasoned admins have probably made use of SRP’s in the past, but some of you may be wondering why this is even an issue.
Most of us on the Performance team were IT Administrators at one time or another prior to joining Microsoft. Believe me when I tell you that we all have our fair share of horror stories. We’ve all been in environments where end-users have brought in software from home or downloaded some sort of shareware or freeware and installed it on their machine. In most of these cases, there was no real business need for these apps – let’s face it, is having a “cool” screensaver really a justifiable business application? Probably not in the vast majority of cases. Of course, almost inevitably, the software would cause other issues – leading to more helpdesk calls, some fairly angry end-users and of course, some really angry IT folks. Enter SRP’s, where administrators could create rules and policies to block the installation of some of the more … popular … pieces of unauthorized software. We’re really not going to get into the workings of Software Restriction Policies – if you need more information, refer to this TechNet Article .
Getting back to AppLocker, there are several enhancements:
AppLocker requires the Application Identity Service. This service performs all of the rule conversions for the AppLocker policy. In order for an AppLocker policy to be evaluated on the system, the services has to be started. The Application Identity is set to Manual by default.
The effects of AppLocker rules may be viewed in the AppLocker Operational event channel in Event Viewer. Each event in the AppLocker operational log contains the following information:
Something to note – AppLocker rule and Software Restriction Policy rules are completely separate. You cannot use AppLocker rules to manage pre-Windows 7 systems. If you define any AppLocker rules in a GPO, only those rules will be applied. In other words, you should define your AppLocker rules in a separate GPO from your SRP rules to ensure interoperability.
And that’s all for AppLocker. The resources below have more information. Tomorrow, Jerry Ciferri will provide a quick overview of Windows Federated Search.
- Dane Smart
|Share this post :||
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.