Microsoft has released the AppLocker Technical Documentation for Windows 7 and Windows Server 2008 R2, and it's now available for download at the Microsoft Download Centre. The documentation provides technical guidance on how AppLocker works and how to effectively plan and deploy AppLocker policies.
AppLocker is a new feature in Windows Server 2008 R2 and Windows 7 that advances the features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications.
Using AppLocker, you can:
– Control the following types of applications: executable files (.exe and .com), scripts (.js, .ps1, .vbs, .cmd, and .bat), Windows Installer files (.msi and .msp), and DLL files (.dll and .ocx).
– Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules based on the publisher attribute that is persistent through updates, or you can create rules for a specific version of a file.
– Assign a rule to a security group or an individual user.
– Create exceptions to rules. For example, you can create a rule that allows all Windows processes to run except Registry Editor (Regedit.exe).
– Use audit-only mode to deploy the policy and understand its impact before enforcing it.
– Import and export rules. The import and export affects the entire policy. For example, if you export a policy, all of the rules from all of the rule collections are exported, including the enforcement settings for the rule collections. If you import a policy, all criteria in the existing policy are overwritten.
– Streamline creating and managing AppLocker rules by using Windows PowerShell cmdlets.
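The audit-only, import/export and PowerShell items above fit together as one workflow. The following is an added example, not taken from the Microsoft documentation; the scan directory, output file and rule-name prefix are assumptions chosen for illustration.

```powershell
# Added example: $scanDir, $policyFile and the rule-name prefix are assumptions.
Import-Module AppLocker   # the cmdlets ship in this module on Windows 7 / Server 2008 R2

$scanDir    = 'C:\Program Files'              # assumed reference install location
$policyFile = 'C:\Temp\AppLocker-Audit.xml'   # assumed output path

# 1. Collect publisher and hash information for executables on a reference machine.
$fileInfo = Get-AppLockerFileInformation -Directory $scanDir -Recurse -FileType Exe

# 2. Generate rules: publisher rules for signed files, hash rules as the fallback.
[xml]$policy = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'Audit-Baseline' -Optimize `
        -IgnoreMissingFileInformation -Xml

# 3. Put every rule collection in audit-only mode so nothing is blocked yet.
foreach ($collection in $policy.SelectNodes('//RuleCollection')) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 4. Dry run before importing: list system executables the policy would not allow.
#    Files outside $scanDir show up as DeniedByDefault, which exposes missing rules.
Test-AppLockerPolicy -XmlPolicy $policyFile -Path 'C:\Windows\System32\*.exe' `
    -User Everyone -Filter Denied, DeniedByDefault |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Import into the local policy. -Merge keeps existing rules; without it the
#    import overwrites the entire existing policy, as the list above notes.
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge

# 6. After a soak period, review audit hits: event 8003 records a file that ran
#    but would have been blocked if the rules were enforced.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 200 |
    Where-Object { $_.Id -eq 8003 } |
    Select-Object TimeCreated, Message
```

The Application Identity service must be running for AppLocker to evaluate rules, including in audit-only mode.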
The AppLocker Technical Documentation includes:
– AppLocker Deploy
– AppLocker FAQ
– AppLocker Overview
– AppLocker Plan
AppLocker helps reduce administrative overhead and helps reduce the organization’s cost of managing computing resources by decreasing the number of help desk calls that result from users running unapproved applications.