
Lesson 7: Controlling Access to Local Hardware and Applications
MOAC 70-687: Configuring Windows 8
Controlling Device Installation
The Device Installation Restrictions folder in a
GPO contains policy settings that enable you to
prevent Windows computers from installing and
updating device drivers under specific
conditions.
The policies in the Computer
Configuration/Policies/Administrative
Templates/System/Device Installation/Device
Installation Restrictions folder enable you to
specify if or when the computers on your
network can install drivers for hardware devices.
2013 John Wiley & Sons, Inc.
Figure: The Device Installation Restrictions policies
Controlling Removable Storage Access
For control over access to specific types of
removable storage at the computer level,
use the policy settings in the Computer
Configuration/Policies/Administrative
Templates/System/Device Installation/
Removable Storage Access folder.
For control at the user level, the same
policies appear in the User
Configuration/Policies/Administrative
Templates/System/Removable Storage
Access folder.
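An added check, not part of the original lesson: once these policies apply, their values are written under the RemovableStorageDevices policy key in the registry, in HKLM for the computer-level settings and in HKCU for the user-level ones. The function name and the report layout are assumptions of this example.

```powershell
# Added example: report the Removable Storage Access policy values that Group Policy
# has written to the registry, at computer level (HKLM) and at user level (HKCU).
$relative   = 'Software\Policies\Microsoft\Windows\RemovableStorageDevices'
$valueNames = 'Deny_All', 'Deny_Read', 'Deny_Write', 'Deny_Execute'

# Hypothetical helper name; returns one object per configured value.
function Get-RemovableStoragePolicy {
    param(
        [Parameter(Mandatory)][string]$Hive,
        [Parameter(Mandatory)][string]$Scope
    )

    $root = Join-Path "${Hive}:\" $relative
    if (-not (Test-Path -LiteralPath $root)) { return }   # nothing configured in this scope

    # The root key holds the "all removable storage classes" setting;
    # each subkey is the GUID of one device class.
    $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root)
    foreach ($key in $keys) {
        foreach ($name in $valueNames) {
            $value = $key.GetValue($name)
            if ($null -ne $value) {
                [pscustomobject]@{
                    Scope   = $Scope
                    Key     = $key.PSChildName
                    Setting = $name
                    Enabled = ($value -eq 1)
                }
            }
        }
    }
}

$report = @(
    Get-RemovableStoragePolicy -Hive HKLM -Scope Computer
    Get-RemovableStoragePolicy -Hive HKCU -Scope User
)

if ($report.Count -eq 0) { 'No Removable Storage Access policy is applied.' }
else { $report | Format-Table -AutoSize }
```

Run it in the session of the user being checked, because HKCU reflects only that user's policy.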
Figure: The Removable Storage Access policies
Configuring Application Restrictions
Software Restriction Policies
Software restriction policies are Group Policy
settings that enable administrators to specify
the programs that are allowed to run on
workstations by creating rules of various
types.
Software Restriction Policy Rules
The software restriction policy rules that you
can create include:
o Certificate rules
o Hash rules
o Network zone rules
o Path rules

Creating Rules
To create rules:
1. Open a Group Policy object (GPO) and browse
to Computer Configuration\Policies\Windows
Settings\Security Settings\Software Restriction
Policies.
2. Right-click the Software Restriction Policies
object.
3. From the context menu, select New Software
Restriction Policies.
You create new rules of your own in the
Additional Rules folder, using the dialog box.
Figure: Software Restriction Policies
Figure: The New Path Rule dialog box
Rule Settings
The three possible settings are:
o Disallowed: Prevents an application matching a rule from running.
o Basic user: Allows all applications not requiring administrative
privileges to run. Allows applications that do require administrative
privileges to run only if they match a rule.
o Unrestricted: Allows an application matching a rule to run.
Using AppLocker
AppLocker, also known as application
control policies, is essentially an updated
version of the concept implemented in
software restriction policies.
AppLocker uses rules, which administrators
must manage.
Creating the rules is much easier because of
a wizard-based interface.
Understanding Rule Types
The AppLocker settings are located in Group
Policy objects in the Computer
Configuration\Policies\Windows
Settings\Security Settings\Application Control
Policies\AppLocker container.
In the AppLocker container, there are four
nodes that contain the basic rule types:
o Executable Rules
o Windows Installer Rules
o Script Rules
o Packaged app Rules

Figure: The AppLocker container in a GPO
Creating Default Rules
To use AppLocker, create rules that enable
users to access the files needed for Windows
and the system's installed applications to
run.
The simplest way to do this is to right-click
each of the three rules containers and
select Create Default Rules from the context
menu.
Figure: The default AppLocker executable rules
Creating Rules Automatically
When you right-click one of the three rules
containers and select Create Rules
Automatically from the context menu, an
Automatically Generate Rules Wizard appears.
After specifying the folder to be analyzed and
the users or groups to which the rules should
apply, a Rule Preferences page appears.
The wizard then displays a summary of its results
in the Review Rules page and adds the rules to
the container.
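The same steps can be scripted with the AppLocker PowerShell module. This is an added example, not part of the original lesson; the folder analyzed, the output file and the rule name prefix are assumptions.

```powershell
# Added example: the wizard's steps (folder and user, rule preferences, review)
# carried out with the AppLocker cmdlets. Nothing is applied to a GPO here.
Import-Module AppLocker

$folder    = 'C:\Program Files'                          # folder to be analyzed (assumption)
$policyXml = Join-Path $env:TEMP 'applocker-generated.xml'   # output file (assumption)

# 1. Collect publisher, hash and path information for every executable in the folder.
$files = Get-AppLockerFileInformation -Directory $folder -Recurse -FileType Exe

# 2. Rule preferences: publisher rules for signed files, hash rules as the fallback
#    for unsigned ones. -Optimize groups similar files into fewer rules.
$files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix 'Generated' -Optimize -Xml |
    Out-File -FilePath $policyXml

# 3. Review: count the generated executable rules by rule element
#    (FilePublisherRule, FileHashRule) before anything is applied.
[xml]$policy = Get-Content -LiteralPath $policyXml
$policy.AppLockerPolicy.RuleCollection |
    Where-Object { $_.Type -eq 'Exe' } |
    ForEach-Object { $_.ChildNodes } |
    Group-Object -Property LocalName |
    Select-Object Name, Count

# 4. Check the generated policy against the same folder: any file listed here
#    would be blocked if only these rules were enforced.
Get-ChildItem -Path $folder -Filter *.exe -Recurse -ErrorAction SilentlyContinue |
    Convert-Path |
    Test-AppLockerPolicy -XmlPolicy $policyXml -User Everyone -Filter Denied, DeniedByDefault |
    Select-Object FilePath, PolicyDecision
```

An empty result from step 4 means every executable in the analyzed folder is covered by a generated rule.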

Figure: The Automatically Generate Executable Rules Wizard
Figure: The Rule Preferences page of the Automatically Generate Executable Rules Wizard
Figure: The Review Rules page of the Automatically Generate Executable Rules Wizard
Creating Rules Manually
You can create rules manually using a
wizard.
To start the wizard, select Create New Rule
from the context menu for one of the three
rule containers.
The wizard prompts you for:
o Action
o User or group
o Conditions
o Exceptions