Matthew Hester brings us the 19th installment of our series this month with a look at Windows 8 Applocker. He writes,
“One of the Technologies we introduced with Windows 7 was AppLocker. AppLocker presented a great new way to control what applications could run on your desktop environments. Now if this sounds familiar to what Software Restriction Policies (SRP) do for your environments, it is important to understand the difference between the two. SRP are still supported and still helps to control applications in your environment. They approach the challenge differently. Fundamentally there are two ways of controlling applications:
- Block/Deny List: With this approach your create a list of all the malicious applications in the world and create rules to block them. This approach is similar to antivirus programs. As an administrator your would create deny rules for all the unwanted software that they would like to block within your business. While effective, the challenge was keeping up with the malicious software and having to create a deny rule for each application. This is essentially how SRP (in XP and Server 2003) worked, although you had allow or deny rules, it was still all based on the list.
- Allow List: With this approach you create a list of all approved software that you need in your environment and create rules to allow only those applications and block the rest. In the allow listing mode you block all unwanted software by default and allow only those applications to run that have been explicitly allowed. While this method is effective, the main challenge is you have to create a portfolio of applications for your environment. AppLocker works in the allow listing mode.”
Continue reading more here!