Using AppLocker on Windows 7 Ultimate & Enterprise x86 & x64

Discussion in 'Windows 7' started by windsman, Oct 12, 2010.

  1. windsman

    windsman MDL Expert

    The concept is very close to SRP. So close that it actually replaces it. In the Ultimate and Enterprise versions of Win 7, SRP, even if set up, is simply bypassed if AppLocker is set up as well. SRP is still there for backward compatibility.

    AppLocker is located in the Local Security Policy (administration tools) at the same place you can find SRP.

    How to set it up.

    First, the purpose of AppLocker is to implement a further layer of security when running in a limited user account (called standard user in Win 7) by denying the execution of executable files, script and batch files, Windows Installer files, and DLL (and ActiveX) files that do not meet the configured rules.

    I propose to show how to create a default set of rules for AppLocker and to activate it. Sorry for the pictures, my Win 7 is in French.

    First difference between SRP and AppLocker:
    compare.jpg

    Under your admin account, run as admin the Local Security Policy:
    Capture 1.jpg

    In the left pane, right-click on AppLocker and select Properties.
    For every rule, tick Configured and, from the drop-down menu, select apply rules. Once done, go to the Advanced tab, and tick the box to activate the DLL Rules.

    You should get this:
    Capture 2.jpg

    Just press Ok.

    Now you should see this:
    Capture 23.jpg

    Only a simple thing to do, right-click on each of the sub-menus in the left panel:
    - executable rules
    - DLL rules
    - script rules
    - Windows Installer rules,

    and select "Create default rules". This will auto-generate the default rules (similar to SRP - but once created, spend time analysing them - you will see how smart they are!)

    An example:
    Capture 3.jpg

    Now you believe you are done, but unfortunately, there is a last step to go through. This is about the activation of the Windows service, absolutely necessary to allow the enforcement of AppLocker.

    Still under your admin account, run as admin the submenu Services in your Administration Tools, and look for the service "Application Identity" (not sure about the exact name in English).

    Its true name is AppIDSvc, as you can see after double-clicking the Application Identity line.
    In this very same window, just click on Start, and for the startup type, select Automatic. This will start the service now and at every Windows startup. Press OK and you're done.

    From now on your AppLocker policy is active, and will be at every boot!

    windsman.
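
The setup in the post above can be checked from an elevated PowerShell prompt. This is an added example, not part of the original post: it confirms that AppIDSvc is running with automatic startup, that the four rule collections are enforced and populated, and how the effective policy decides for a standard user. The probe file name `applocker-probe.exe` is a constructed placeholder, and the expected decisions assume only the default rules exist.

```powershell
# Added example: audit the AppLocker setup described in the post above.
# Works with PowerShell 2.0 (Windows 7). Run elevated on the configured machine.
Import-Module AppLocker

# 1. Application Identity service: AppLocker is only enforced while it runs.
$svc = Get-WmiObject Win32_Service -Filter "Name='AppIDSvc'"
$svcOk = ($svc.State -eq 'Running') -and ($svc.StartMode -eq 'Auto')
"AppIDSvc  state={0} startmode={1}" -f $svc.State, $svc.StartMode

# 2. Effective policy: each collection should be 'Enabled' (enforce) and non-empty.
#    'AuditOnly' or 'NotConfigured' means nothing is actually blocked.
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$policyOk = $true
foreach ($type in 'Exe', 'Dll', 'Script', 'Msi') {
    $rc = $policy.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq $type }
    $mode  = if ($rc) { $rc.EnforcementMode } else { 'Missing' }
    $count = if ($rc) { $rc.SelectNodes('*').Count } else { 0 }
    if ($mode -ne 'Enabled' -or $count -eq 0) { $policyOk = $false }
    "{0,-7} mode={1,-13} rules={2}" -f $type, $mode, $count
}

# 3. Ask the policy engine what a standard user would get.
#    S-1-1-0 is the Everyone SID; using the SID avoids localized group names
#    (for example on a French Windows installation).
$allowed = Join-Path $env:windir 'System32\notepad.exe'
$probe   = Join-Path $env:TEMP 'applocker-probe.exe'   # constructed test file
Copy-Item $allowed $probe -Force
try {
    # With only the default rules: notepad.exe under %WINDIR% -> Allowed,
    # the copy under the user profile -> DeniedByDefault.
    $results = Get-AppLockerPolicy -Effective |
        Test-AppLockerPolicy -Path $allowed, $probe -User 'S-1-1-0'
    foreach ($r in $results) {
        "{0,-16} {1}" -f $r.PolicyDecision, $r.FilePath
    }
}
finally {
    Remove-Item $probe -Force
}

if ($svcOk -and $policyOk) {
    'Result: AppLocker rules are configured for enforcement and the service is active.'
} else {
    'Result: AppLocker is NOT fully enforced; check the lines above.'
}
```

`Test-AppLockerPolicy` only evaluates the rules; it reports the same decision whether or not AppIDSvc is running, which is why the service state is checked separately.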
     