Protect Workers and Infrastructure, AppLocker | Microsoft QLF-00195

Protect Workers and Infrastructure

People who run unauthorized software often experience a higher incidence of malware infections and generate more help desk calls. We understand how difficult it can be for IT departments to make sure that user PCs are running only approved, licensed software. With Windows 7, you’ll get even greater control over which applications can run on PCs.

AppLocker

In Windows 7, we’ve enhanced application control policies with AppLocker, a flexible and easily adminis- tered mechanism with which you can specify exactly what is allowed to run on user PCs. As a result, you’ll be able to standardize applications for better

security and operations.

AppLocker provides simple, powerful, rule-based structures for specifying which appli- cations can run, so you get the flexibility you need in determining which users can run which applications, installation programs, and scripts. AppLocker also introduces publisher rules that are based on an application’s digital signature, which makes it possible to build rules that survive application updates. For example, you could create a rule to “allow all versions greater than 9.0 of the program Acrobat Reader to run if it’s signed by the software publisher Adobe.” In this way, when Adobe updates Acrobat, you can safely deploy the application update with- out having to build another rule for the new version of Acrobat.

With the Audit Only Enforcement Mode setting, you can determine which applica- tions are used in an organization and test rules before deploying them. When the AppLocker policy for a rule collection is set to Audit Only, rules for that rule collection are not enforced. However, before applica- tions are deployed, you can import rules into AppLocker and test them using the Audit Only enforcement mode.

AppLocker showing

executable rules.

AppLocker summary

Image 102

Microsoft QLF-00195 manual Protect Workers and Infrastructure, AppLocker

Contents

Welcome to Windows Page Your PC, simplified Contents Windows 7 for IT Professionals Page Welcome to Windows Designing Windows Market Trends that Inspired Windows Windows 7 Editions Windows 7 Starter Windows 7 Home Premium Windows 7 Enterprise / Windows 7 Ultimate Windows Anytime Upgrade Windows 7 Editions Comparison Getting Started with Windows Windows 7 Upgrade Advisor Migrating from Windows XP Windows Compatibility Center Windows Easy Transfer What’s New in Windows What’s New in Windows Top Features for IT Professionals Application and Device Compatibility Page Windows 7 for You Windows 7 for You Simplifies Everyday Tasks Works the Way You WantMakes New Things Possible Simplifies Everyday Tasks Simple to Navigate Windows Taskbar Windows Taskbar Shortcuts Program’s Jump List Jump Lists Desktop Enhancements New Peek Shortcut New Snap Shortcuts Windows Explorer New Explorer Shortcut Easier to Find Things Libraries Searching from the Start Menu Improved Search Relevance Federated Search Easy to Browse the Web Instant and Visual Search Web Slices Accelerators Smart Address Bar Find on this Page Toolbar Easy to Connect PCs and Manage Devices HomeGroup Devices in a homegroup can Share files and printers Windows Connect Now Devices and Printers Folder Device Stage Monitor Support Display Color Calibration Improved Support for External DisplaysNew Projection Shortcut High DPI Support Easy to Communicate and Share Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Writer Windows Live Family SafetyWindows Live Photo Gallery Windows Live Toolbar Works the Way You Want Speed, Reliability, and Responsiveness ReadyBoost Start, Shutdown, and ResumeSearch and Indexing Improved Memory Utilization Idle Processing Battery Life and NotificationsWindows Experience Index Adaptive Display Brightness Smart Network Power Power-Saving DVD PlaybackWake on Wireless LAN Power Efficiency Diagnostics Bit Computing Support DirectX 11 DirectCompute More Secure User Account Control Parental Controls Internet Explorer Security SmartScreen Filter Cross-Site Scripting Filter Domain Name HighlightingInPrivate Browsing Tab Isolation and Crash Recovery InPrivate FilteringData Execution Prevention Windows Filtering Platform BitLockerBitLocker To Go Backup and Restore System Restore Compatible With You Aero Themes and Aero Background Gadgets Windows XP Mode Global and Cultural Relevance Access Your Windows 7-based PC’s Network Connections Access USB DevicesShare Files and Folders Better Troubleshooting and Problem Solving Action Center Windows Troubleshooting Built-in Troubleshooters in Windows Troubleshooter Description Startup Repair Makes New Things Possible Media the Way You Want It Windows Media Center Internet TVDigital TV Sharing TV around the Home Enhanced UI Now Playing Mode Windows Media PlayerListen to and View More Media Improved Content Filtering Better Access to your Media Media Streaming Play ToPage Remote Media Streaming Outstanding Sound Gaming Games Explorer Bit Gaming DirectX Direct3D View Available Networks Work AnywhereLocation Aware Printing Mobile Broadband DirectAccess Offline Access to Network SourcesVPN Reconnect XPS Documents New Ways to Engage Windows Touch New Ways to Engage Tablet PC Enhancements Speech AccessibilityNew Accessibility Shortcuts MagnifierPage Windows 7 for IT Pros Windows 7 for IT Pros Make People Productive Anywhere Make People Productive Anywhere Search and Federated Search Enterprise Search Scopes Access Information from Anywhere More Secure Access and PC Management with DirectAccess VPN Reconnect RemoteApp and Desktop Connections Folder Redirection and Offline Files Improved Roaming User Profiles BranchCache Transparent Caching Manage Risk Through Enhanced Security and Control Easier Deployment and Management of BitLocker Managing BitLocker To Go Protect Workers and Infrastructure AppLocker Builds on Windows Vista Security Foundation Multiple Active Firewall Profiles Streamlined User Account Control Improved Smart Card SupportEnhanced Audit Domain Name System Security Extensions 104 Reduce Costs by Streamlining PC Management Deployment Image Servicing and Management Dynamic Driver ProvisioningMulticast Multiple Stream Transfer User State Migration Tool VHD Image Management and Deployment Flexible Deployment of Internet Explorer Keep PCs Running Smoothly Automation Improvements Group Policy Improvements Internet Explorer 8 Group Policy URL-based Quality of ServiceGroup Policy Preferences Starter Group Policy Objects Troubleshooting and Support Problem Steps RecorderWindows Recovery Environment Windows RE Windows Troubleshooting Platform Remote Access to Reliability DataUnified Tracing Graphics VHD BootRicher Remoting Experience Audio Microsoft Desktop Optimization Pack Microsoft Application Virtualization Microsoft Asset Inventory Service Microsoft Advanced Group Policy Management Microsoft Diagnostics and Recovery Toolset Microsoft System Center Desktop Error Monitoring Microsoft Enterprise Desktop Virtualization Windows 7 Hardware and Software Logo Program Compatibility Goals Reliability Goals Compatible with Windows 7 Logo Recommended System Requirements 124 How to Find More Information Resources for IT Pros Resources for Device Manufacturers Expanded Editions Feature Comparison Starter Starter Home Premium Feature Comparison Chart Benefit Feature Windows XP Windows Vista 132 Snap Window Arrangement AccessibilityWindows Taskbar Peek Installation Options for Upgrading Your PC to Windows Index 136 Windows 7 Logo Program 138