Windows 7 AppLocker: Guide to setup in whitelisting mode?

dabomb

AppLocker is present in Win7 Ultimate & Win7 Enterprise. I would like to set up several workstations in my test lab with AppLocker configured to run only the applications in the whitelist. I have read that this is possible but am having a hard time finding a guide or even tips & tricks for setting it up in this fashion. This is a powerful tool and can prevent your system from booting or cause performance issues if used incorrectly. I'm looking for a guide that can help me achieve whitelisting all the system processes the correct way, and best practices for whitelisting apps used in my organization.

Has anybody attempted this yet? If my tests are successful I plan to implement AppLocker on all workstations when Windows 7 is rolled out to all computers on our domain (about 130 workstations).
 

Yes. They are very brief and just provide basic overviews. I had been hoping to find something more comprehensive (and if possible not a video).

My main questions are:
1) I install Windows 7, enable the AppId service, and create default rules
2) I install required apps and then run the auto rule generation on the three rule types
3) I'm now protected? So now nothing (malware, virus, etc.) should be able to execute if I did this all on a clean system? Do I need to manually create any rules? When I install a new app should I run auto generation again? Is it better to just manually create the rule when I install a new app? What type of rule is best to use? How come when I install a program when the AppId service is off it still runs when it is turned back on without creating a rule?
 