Configuring Applocker in the Domain

Step-By-Step Guide on Configuring Applocker in the Domain…

As a systems admin, you might have probably wanted to deny your users to use a particular software application. This is pretty common since using some applications in some network environments is illegal.

In order to block an application, we can make user of a great feature called AppLocker available in Windows 7 and Windows Server 2008 R2. Here is a step by step guide on how to configure AppLocker in the domain or on computers in a special OU or site.

Let’s assume in this exercise you want to block the Internet Explorer on all the computers in your domain.

First of all, on your DC you need to go to Administrative Tools and open up Group Policy Management console and then right click on the Default Domain Policy and click Edit to open Group Policy Management Editor.

Then here, under Computer Configuration go to Windows Settings -> Security Settings -> Application Control Policies -> AppLocker

Before anything right-click on AppLocker and click on Properties and then under Executable Rules, click on Configured and choose Enforce rules:

And then as shown in the below photo right click on Executable Rules and choose Create New Rule:

Once you click on Create New Rule, this window will open up and you just need to click on Next:

On the next Window, you will need to select which users or groups this rule applies to and whether you want the rule to allow users or deny them to use that application. Once Configured, click Next:

On the next window choose File Hash and then click Next:

On the next windows click on Browse Files and choose Internet Explorer from your program files and then click Next:

Give the new rule a name and then click Create:

Now the new rule must have been added under Executable Rules as shown below:

Now if anyone in the domain tries to open Internet Explorer from their computer, they will receive this message, meaning that Internet Explorer has been blocked by a policy:

Windows 8

Windows 8 Security Mechanisms

We live in a world of information where all our data is maintained in a digital format.

What would be your reaction if you found out that an unknown person has accessed your profile information? How would you react if you found out that your credit card details and passwords stored in your computer have been compromised?

Microsoft has ensured that it leaves no stone unturned to ensure that its new billion-dollar venture is equipped with adequate levels of protection.

Viruses, worms and Trojans that corrupted the previous versions of Windows will not be able to tamper with Windows 8 operating system easily. Windows president Steven Sinofsky has mentioned some security features of Windows 8 at the recent Microsoft build conference and how they are derived from their predecessor operating system Windows 7.

In this article, we present an overview of the new security features of Windows 8.

Security Features of Windows 8

• Address space layout randomization (ASLR)

It involves random arrangement of base addresses of executable, libraries, heap and stack addresses in a process’s address space. The user’s code and data locations on hard drive are shuffled randomly to avoid revealing addresses to hackers. This feature was existent in Windows 7 but has been enhanced in Windows 8.

• Heap Randomization (HR)

Attackers can corrupt or cause abnormal execution of programs by overwriting data pointers located in the heap. Randomization attempts to prevent this by adding guard pages in between so that data pointers are not altered.

• Kernel mode security:

Kernel mode processes run in a special section of memory reserved for them. Microsoft has tweaked the user mode processes in Windows 8 so that they cannot access the kernel address space which means the lower 64k of process memory is not accessible by user processes.

• UEFI Secure Boot:

Drivers and applications that start along with the operating system are assigned keys by Microsoft that is verified by the operating system at startup. If the driver or application does not possess the proper key, it is not allowed to start with the operating system processes. This ensures that malware does not interfere with antivirus programs.

• Windows Defender:

Windows defender has been enhanced to identify all types of malware, virus and worm signatures from Microsoft malware protection center. Previously, the database only stored spyware and adware signatures.

Microsoft continues its support for third party antivirus and antimalware vendors while revamping their Widows defender with the help of their security development team.

Microsoft is following a security development lifecycle to ensure they do not encounter problems like those that the Windows XP users experienced in the past. Microsoft has noted the main cause of inadequate malware protection on 75% of the computers.

According to Microsoft, users fail to revamp their trial version after expiry and most of them do not update their security components regularly. Stay tuned for more security related news from Microsoft.