Secure apps with AppLocker



2021-03-27 10:47:06

AppLocker is an additional layer of security: it restricts or allows which software a specific group of users is able to run.

Today a lot of applications no longer need admin rights to run, which means a standard user can install and run unapproved software on your systems, and that is a threat to your environment.

Installing and configuring AppLocker raises your security posture and helps protect your data from unauthorized access.

If you are wondering why you should use AppLocker, the answer is simple: you can use it to protect against unwanted software and to standardize and administer the software that runs in your environment.

In today's post, Make Tech Easier will guide you through installing AppLocker and deploying it via GPO to specific servers.

AppLocker can be deployed on the following versions of Windows:

  • Windows 10 Enterprise
  • Windows Server 2012, 2016, 2019

Before you deploy AppLocker, you must know exactly which applications are allowed to run. This is the most important step: if you apply AppLocker without first recording the required applications, you will create a lot of problems for users and for the day-to-day operations of the company.

If you are not 100% sure which apps should be allowed, run AppLocker in Audit only mode first to identify them.

How to activate AppLocker

Log in to the Domain Controller and open Group Policy Management.

Right-click the OU (Organizational Unit) in which you want to create the AppLocker policy and select Create a GPO in this domain, and Link it here.


Enter a name of your choice and press OK.

Now click the new policy and, under Security Filtering, click Add and select the Domain Computers group, or any other group you have created that contains the servers or workstations you want to deploy it to.

Remember that security filtering only narrows the scope of the GPO within the OU it is linked to. The AppLocker GPO must therefore be linked to an OU that contains all the servers or workstations where you want to deploy AppLocker; otherwise they will never receive the policy.


Right-click the new policy and select Edit.

Go to:

Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies > AppLocker

Expand AppLocker.

Right-click Executable Rules and choose Create Default Rules.


The default rules are:

  • All files located in the Program Files folder (allows Everyone to run anything under %PROGRAMFILES%)
  • All files located in the Windows folder (allows Everyone to run anything under %WINDIR%)
  • All files (allows members of the local BUILTIN\Administrators group to run anything)

Until you are familiar with AppLocker, leave these rules in place: once the policy is enforced, anything that does not match an allow rule is blocked, and without the default rules that includes Windows itself. Treat them as a starting point rather than a finished hardening, though: the Windows folder rule also covers subfolders that standard users can write to (for example C:\Windows\Tasks and C:\Windows\Temp), which you will want to exclude later.


Right-click AppLocker and choose Properties.


Under Executable rules, check Configured and choose Audit only.


In Audit only mode AppLocker does not allow or deny anything. It only records in Event Viewer what it would have done for each application that runs.

This way you can determine whether every application you need would still run before you start enforcing the AppLocker rules.
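The same result can be produced from PowerShell instead of clicking through the GPMC. The following is an added example and not code from the original post: it writes the three default rules into an AppLocker XML policy with the Executable rules collection set to Audit only, checks that the XML parses, and imports it into the GPO created above. The GPO name, domain controller and domain are placeholders (assumptions), and the RSAT GroupPolicy and AppLocker PowerShell modules must be available on the machine you run it from.

```powershell
# Added example (not from the original post). Assumes RSAT is installed and the
# names below are replaced with your own.
Import-Module GroupPolicy
Import-Module AppLocker

$GpoName = 'AppLocker Audit'      # assumption: the name you gave the GPO above
$Dc      = 'DC01.corp.example'    # assumption: a writable domain controller

# Build the default Executable rules. SIDs: S-1-1-0 = Everyone,
# S-1-5-32-544 = BUILTIN\Administrators. EnforcementMode="AuditOnly" is the
# "Audit only" setting from AppLocker > Properties.
function New-DefaultExeRuleXml {
    param([ValidateSet('AuditOnly', 'Enabled', 'NotConfigured')][string]$Mode = 'AuditOnly')

    $rules = @(
        @{ Name = '(Default Rule) All files located in the Program Files folder'; Path = '%PROGRAMFILES%\*'; Sid = 'S-1-1-0' },
        @{ Name = '(Default Rule) All files located in the Windows folder';       Path = '%WINDIR%\*';       Sid = 'S-1-1-0' },
        @{ Name = '(Default Rule) All files';                                     Path = '*';                Sid = 'S-1-5-32-544' }
    )
    $ruleTpl = '    <FilePathRule Id="{0}" Name="{1}" Description="" UserOrGroupSid="{2}" Action="Allow"><Conditions><FilePathCondition Path="{3}" /></Conditions></FilePathRule>'

    $sb = [System.Text.StringBuilder]::new()
    [void]$sb.AppendLine('<AppLockerPolicy Version="1">')
    [void]$sb.AppendLine(('  <RuleCollection Type="Exe" EnforcementMode="{0}">' -f $Mode))
    foreach ($r in $rules) {
        # Each rule needs a unique GUID; generate fresh ones rather than reuse the GUI's.
        [void]$sb.AppendLine(($ruleTpl -f [guid]::NewGuid(), $r.Name, $r.Sid, $r.Path))
    }
    [void]$sb.AppendLine('  </RuleCollection>')
    [void]$sb.AppendLine('</AppLockerPolicy>')
    return $sb.ToString()
}

$xmlPath = Join-Path $env:TEMP 'applocker-default-audit.xml'
New-DefaultExeRuleXml -Mode AuditOnly | Set-Content -Path $xmlPath -Encoding UTF8

# Sanity check before touching the GPO: notepad.exe lives under %WINDIR%, so the
# Windows-folder default rule should return PolicyDecision = Allowed for Everyone.
Test-AppLockerPolicy -XmlPolicy $xmlPath -Path "$env:windir\System32\notepad.exe" -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Get-GPO .Path is the GPO's distinguished name; Set-AppLockerPolicy wants it as an LDAP URL.
$gpoDn = (Get-GPO -Name $GpoName).Path
Set-AppLockerPolicy -XmlPolicy $xmlPath -Ldap "LDAP://$Dc/$gpoDn"

# Read the policy back from the domain and confirm the Exe collection is AuditOnly.
Get-AppLockerPolicy -Domain -Ldap "LDAP://$Dc/$gpoDn" |
    Select-Object -ExpandProperty RuleCollections |
    Select-Object RuleCollectionType, EnforcementMode, Count
```

Writing the policy this way has one practical advantage over the GUI: the XML file can be kept in version control, so every later change to the rule set is reviewable and reversible.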

How to implement the AppLocker GPO

Do not create any additional rules until you have verified that AppLocker itself is working without issue (see the verification step below).

Deploy AppLocker to a test server first, until you are familiar with it and have identified any problems.

For AppLocker to work at all, the Application Identity service (AppIDSvc) must be running on the server where you deploy it; if it is stopped, no rules are evaluated and nothing is logged.

In the AppLocker GPO, go to:

Computer Configuration > Policies > Windows Settings > Security Settings > System Services

Find the Application Identity service.


Right-click the service and select Properties.

Check Define this policy setting.

Choose Automatic.

Press OK.

Now, when the AppLocker GPO is applied, the Application Identity service will start automatically.


Log in to the server where you want to deploy AppLocker, open Command Prompt, and run:

gpupdate /force

Restart the server.

How to verify that AppLocker is running on the server or workstation

After the server has restarted, verify that AppLocker is running:

Open Event Viewer.

Expand:

Applications and Services Logs > Microsoft > Windows > AppLocker

Click EXE and DLL.

Verify that Event ID 8001 exists ("The AppLocker policy was applied successfully to this computer"). If it is missing, check that the Application Identity service is actually running before you look any further.

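If you have more than a test server or two, checking each Event Viewer by hand does not scale. The following added example (not code from the original post) performs the same verification remotely from the Domain Controller or an admin workstation: it confirms the Application Identity service is running, reads the effective AppLocker policy to report whether the Executable rules are in Audit only or enforced mode, and looks for the most recent 8001 event. It assumes WinRM is enabled on the targets, and the computer name is a placeholder.

```powershell
# Added example (not from the original post). Assumes WinRM/PowerShell remoting is
# enabled on the target servers; SRV-TEST01 is a placeholder name.
$Targets = @('SRV-TEST01')

function Get-AppLockerStatus {
    param([string[]]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        # Without AppIDSvc running, AppLocker evaluates nothing and logs nothing.
        $svc = Get-Service -Name AppIDSvc

        # The effective policy merges local and domain AppLocker settings, so this
        # shows what the machine is really applying, not just what the GPO says.
        $exe = (Get-AppLockerPolicy -Effective).RuleCollections |
               Where-Object RuleCollectionType -eq 'Exe'

        # 8001 = "policy applied successfully". Only the newest one matters.
        $applied = Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' `
                                -FilterXPath '*[System[EventID=8001]]' -MaxEvents 1 `
                                -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Computer        = $env:COMPUTERNAME
            AppIDSvc        = $svc.Status
            StartType       = $svc.StartType
            ExeRuleCount    = if ($exe) { $exe.Count } else { 0 }
            ExeEnforcement  = if ($exe) { $exe.EnforcementMode } else { 'NotConfigured' }
            LastPolicyApply = if ($applied) { $applied.TimeCreated } else { $null }
        }
    }
}

Get-AppLockerStatus -ComputerName $Targets | Format-Table -AutoSize
```

A healthy test server at this stage shows AppIDSvc Running, StartType Automatic, ExeRuleCount 3 (the default rules), ExeEnforcement AuditOnly and a recent LastPolicyApply; anything else means the GPO has not reached the machine or the service is not up.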

How to create AppLocker rules

After you have seen which applications run on the server, you can create the AppLocker rules you need.

Open the AppLocker GPO.

Right-click Executable Rules and choose Create New Rule.


Press Next.


Choose whether the rule should Allow or Deny, and select the user or group it applies to.


Choose how you want to identify the application: by Publisher (signature), by Path, or by File hash. Publisher and hash rules are the safer choices; a path rule is only as strong as the permissions on that path.


Note that if you choose Path, the application is usually not installed on the Domain Controller, so you cannot browse to it there. Instead, do the following.


Open Event Viewer on the server or workstation running AppLocker, find the audit event for the application (Event ID 8003, "was allowed to run but would have been prevented from running if the AppLocker policy were enforced") and copy the path from it into the rule.


Now click Next.

Press Next again, unless you want to add an exception.


Enter a name and click Create.


Go to the server or workstation, run gpupdate /force so it picks up the new rule, and check that the rule is applied as follows:

Expand:

Applications and Services Logs > Microsoft > Windows > AppLocker

Click EXE and DLL.

Verify that an Event ID 8002 ("was allowed to run") exists for your application and that the rule name in the event is the one you just created, not one of the default rules.
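The two manual steps above, copying the path out of the audit events and then checking for 8002 events, are the ones worth automating, because the audit log is exactly the list of what will break once you switch from Audit only to Enforce. The following added example (not code from the original post) parses the AppLocker decision events (8002 allowed, 8003 audited, 8004 blocked) into objects, lets the AppLocker module generate Publisher and hash rules from the audited files on the test server, merges them into the GPO, and then confirms the applications are now matched by a real rule. Server, GPO and domain controller names are placeholders (assumptions); WinRM and the RSAT modules are required.

```powershell
# Added example (not from the original post). All names below are placeholders.
Import-Module AppLocker
Import-Module GroupPolicy

$TestServer = 'SRV-TEST01'         # assumption: the server running AppLocker in Audit only
$GpoName    = 'AppLocker Audit'    # assumption: the GPO created above
$Dc         = 'DC01.corp.example'  # assumption: a writable domain controller

# Parse AppLocker decision events into objects. 8002 = allowed, 8003 = allowed in
# Audit only but would be blocked when enforced, 8004 = blocked. AppLocker stores
# the details under UserData/RuleAndFileData rather than the usual EventData.
function Get-AppLockerDecision {
    param(
        [string]$ComputerName,
        [int[]]$EventId = @(8002, 8003, 8004),
        [int]$Hours = 24
    )
    $ids   = ($EventId | ForEach-Object { "EventID=$_" }) -join ' or '
    $xpath = "*[System[($ids) and TimeCreated[timediff(@SystemTime) <= $($Hours * 3600000)]]]"

    Get-WinEvent -ComputerName $ComputerName -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' `
                 -FilterXPath $xpath -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        $data = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.UserData.RuleAndFileData.ChildNodes) {
            $data[$node.LocalName] = $node.InnerText
        }
        # TargetUser is logged as a SID; translate it to DOMAIN\user where possible.
        $user = $data['TargetUser']
        try { $user = ([System.Security.Principal.SecurityIdentifier]$user).Translate([System.Security.Principal.NTAccount]).Value } catch {}
        $decision = switch ($evt.Id) { 8002 { 'Allowed' } 8003 { 'Audited' } 8004 { 'Blocked' } }

        [pscustomobject]@{
            Time      = $evt.TimeCreated
            Decision  = $decision
            FilePath  = $data['FilePath']   # the value to paste into a Path rule
            User      = $user
            Rule      = $data['RuleName']
            Publisher = $data['Fqbn']       # empty for unsigned files
        }
    }
}

# 1. What would break on enforcement? Exactly the 8003 events of the last week.
$audited = Get-AppLockerDecision -ComputerName $TestServer -EventId 8003 -Hours 168
$audited | Sort-Object FilePath -Unique | Format-Table Decision, FilePath, Publisher, User -AutoSize

# 2. Let AppLocker build rules from the same log, on the server where the files exist.
#    Publisher rules for signed files, hash rules for unsigned ones. Path rules are
#    deliberately not generated: a user-writable location under an allowed path is a bypass.
$policyXml = Invoke-Command -ComputerName $TestServer -ScriptBlock {
    Get-AppLockerFileInformation -EventLog -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited |
        New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -IgnoreMissingFileInformation -Xml
}
if (-not $policyXml) { throw "No audited (8003) events on $TestServer; run the applications first." }

$xmlPath = Join-Path $env:TEMP 'applocker-audited-rules.xml'
$policyXml | Set-Content -Path $xmlPath -Encoding UTF8

# 3. Merge into the GPO. -Merge keeps the default rules and the Audit only setting intact.
$gpoDn = (Get-GPO -Name $GpoName).Path
Set-AppLockerPolicy -XmlPolicy $xmlPath -Ldap "LDAP://$Dc/$gpoDn" -Merge

# 4. Refresh the test server and confirm the applications now match a real rule (8002)
#    rather than only a default rule.
Invoke-Command -ComputerName $TestServer -ScriptBlock { gpupdate.exe /target:computer /force | Out-Null }
Get-AppLockerDecision -ComputerName $TestServer -EventId 8002 -Hours 1 |
    Where-Object Rule -notlike '(Default Rule)*' |
    Format-Table Time, FilePath, Rule, User -AutoSize
```

Review the table from step 1 before running step 2: every file in it becomes an allow rule, so anything you do not recognize (a downloaded installer in a user profile, a tool an administrator ran once) should be removed from the scope rather than whitelisted for Everyone. Repeat the cycle until a full week of Audit only produces no 8003 events, and only then switch the Executable rules from Audit only to Enforce rules.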

AppLocker is not difficult to apply. The hard part is the preparation: knowing exactly what must be allowed before you enforce anything, so that you do not break something in your environment.
