Windows 7 application execution control with AppLocker
Chris Sanders at Windows Securty.com has just published a deep dive into AppLocker here
Introduction taken from Chris’s guide:
AppLocker is a new feature available in Windows 7 and Windows Server 2008 R2 that helps to prevent the use of unknown or unwanted applications within a network. Its functionality boasts both security and compliance benefits for a wide array of organizational environments.
As a mischievous kid growing up in rural Kentucky I was very aware of the concept of rules. Whether it was cleaning my plate before I left the table at supper time or making sure the animals were fed before bed, the rules were in place for a reason. Of course, I was also very aware that breaking the rules resulted in consequences. Albeit an effective means of making sure I followed the rules, this was not always 100% effective. A prime example of this was the “no cookies before supper” rule. Although I was sure to get a switch to my tail end if I ruined my appetite, I could not always resist the temptation. That being the case, after my Mom tired of that method, she changed her means of rule enforcement. Realizing I was significantly shorter than her, the cookies got moved to the top shelf of the pantry very much out of my reach. At this point, I could not break the rules if I tried.
The moral of this story is that although rules can have consequences, sometimes we have to put rules in place that do not just discipline people for breaking them, but that prevent people from breaking them. This related to my cookie infatuation growing up and it relates to keeping users secure and compliant today.
The desire to block particular applications from running on network computers is not new by any means, but the methods of doing so have continued to evolve over time. In previous cases network administrators may have found this task best served by the use of third party software, however, the advent of AppLocker in Windows 7 and Windows Server 2008 R2 allows for application execution restriction on a very useful level. AppLocker is the next evolution of Windows Software Restriction Policies.