GPO - AppLocker

时间:2021-07-19 17:57:58

AppLocker can help you:

  • Define rules based on file attributes that persist across app updates, such as the publisher name (derived from the digital signature), product name, file name, and file version. You can also create rules based on the file path and hash.
  • Assign a rule to a security group or an individual user.
  • Create exceptions to rules. For example, you can create a rule that allows all users to run all Windows binaries, except the Registry Editor (regedit.exe).
  • Use audit-only mode to deploy the policy and understand its impact before enforcing it.
  • Create rules on a staging server, test them, then export them to your production environment and import them into a Group Policy Object.
  • Simplify creating and managing AppLocker rules by using Windows PowerShell.

Refer to:https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview

Set the AppLocker Properties to Enforce rules:

GPO - AppLocker

 

 

Create default rules for each item:

GPO - AppLocker

 

 GPO - AppLocker

 

 GPO - AppLocker

 

 GPO - AppLocker

 

 Create Executable Rules for Specific application.

GPO - AppLocker

 

 GPO - AppLocker

 

 GPO - AppLocker

 

 GPO - AppLocker

 

 GPO - AppLocker

 

 Set the Application Identity Properties to Automatic Module.

GPO - AppLocker

 

 Enable enforced module.

GPO - AppLocker