So with Windows 7 I usually created Software Restriction Rules like this:
- New Software Restrictions
- Add the Additional Rule for the x86 Program Files folder
- Remove LNK from Designated File Formats
- Enforce it on All Software, All Users except Admins
- Set Security Level "Disallowed" as default
This adds a security layer that makes it almost impossible for a virus to infect a PC, because there is no folder that a Standard User can write to and execute from. I tried to do the same in Windows 8 but ended up with a nonfunctional desktop. Probably blocking some metro crap. Any advice? Couldn't find any Windows 8 specific tutorials. Thanks in advance.
Appreciate you bringing this up, as I would like to explore this feature when I boot my Enterprise later. One thing I started using is the encryption built into Win8, creating virtual hard drives and encrypting them. That I like better than using third-party software. Now, I am looking forward to checking this AppLocker joint, and seeing if I can implement it in my systems somehow if I see a need.
Oh, I thought I had answered yesterday but must've forgotten to submit. So does anybody know a tutorial to achieve the same thing I did with SRP, now with AppLocker? I already looked at the MS page, but it is just pages and pages of yadayada, and right now I just don't have the time to learn how this stuff works. Also, there are a few things that don't seem to work with AppLocker, and they say you can use both. Whatever, I'd be happy if I could just do what I did before: have no folder that a standard user can write to and execute from.
Thanks for your links. So, I'm running W8 Enterprise and I created the default rules for executables under AppLocker and changed the dropdown for executable rules enforcement to "enforce rules". The default rules it creates are pretty much the same as in SRP. It allows everyone to execute from the Windows and Program Files folders, and there is another rule to allow administrators to run every executable. Not sure where the 'deny everything that's not allowed' part is specified or if that's even necessary. So afterwards I switched to a standard user account and tried to run teamviewer_qs.exe from the desktop to test the enforcement. Of course I could still run it. Couldn't just work like that. It's MS, not Apple. (Kidding, I hate Apple just as much.) So I changed the Application Identity service from "manually" to "automatic" and started it. Still no difference. Can run every exe no matter where it sits. So what did I miss? Thanks in advance.
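One way to check each piece of the setup described in the post above (service state, enforcement mode, and how a file outside the allowed folders is evaluated). This is an added example, not part of the original post; the test file path is a hypothetical placeholder and must point to an existing file.

```powershell
# Added example: verify that AppLocker Exe rules are actually in effect.
# Run from an elevated PowerShell prompt on the machine being tested.

# 1. AppLocker only evaluates rules while the Application Identity
#    service (AppIDSvc) is running.
Get-CimInstance Win32_Service -Filter "Name='AppIDSvc'" |
    Select-Object Name, State, StartMode

# 2. Read the effective policy (local policy merged with any GPO) and
#    list each rule collection with its enforcement mode.
#    "Enabled" = enforce, "AuditOnly" = log only, "NotConfigured" = unset.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$policy.AppLockerPolicy.RuleCollection |
    Select-Object Type, EnforcementMode,
        @{ Name = 'RuleCount'; Expression = { $_.ChildNodes.Count } }

# 3. Evaluate one file against the effective policy as a non-admin.
#    Hypothetical path: substitute any existing .exe stored outside
#    the Windows and Program Files folders.
$testFile = "$env:USERPROFILE\Desktop\example.exe"
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $testFile -User Everyone |
    Format-List FilePath, PolicyDecision, MatchingRule

# PolicyDecision is one of:
#   Allowed          - an allow rule matched
#   Denied           - an explicit deny rule matched
#   DeniedByDefault  - no rule matched; once a collection has rules,
#                      anything not explicitly allowed is blocked

# 4. Check what AppLocker actually logged for recent launches.
#    8002 = allowed, 8003 = would be blocked (audit), 8004 = blocked.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 20 |
    Select-Object TimeCreated, Id, Message
```

If step 3 reports `DeniedByDefault` but the file still runs, steps 1, 2 and 4 show whether the service is running, whether the Exe collection is set to enforce, and whether AppLocker evaluated the launch at all.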
Thanks for deleting all of vymrdal's posts. WTF? I know he was known to be a bit impolite at times, but what did he do to deserve to be banned? My question still stands, btw.
So, did you manage to make this work? I can't make SRP rules apply to the admin account. EDIT: Never mind, it suddenly started to work. (after waking from hibernation) (And AppLocker is also kinda useless for the local admin account in Windows 8.)