1) build up a Windows 7 reference computer with all the apps you want on it
2) open gpedit.msc
3) go to Computer configuration --> Windows Settings --> Security Settings --> Application Control Policies --> AppLocker --> Executable Rules
4) Right Click on Executable Rules
5) Click Automatically Generate Rules
6) choose the folder that you want to be analyzed (default is C:\Program Files) and click Next
7) Click Next
8) Click Create
9) Make any adjustments you need to the executable rules
10) In the Local Group Policy Editor, right click on AppLocker
11) Click on Export Policy and save the XML file
12) Open the Group Policy Editor for the domain
13) Create a group policy and link it to an OU (do a test OU first before doing this in production)
14) Edit the group policy
15) Go to Computer configuration --> Windows Settings --> Security Settings --> Application Control Policies --> AppLocker --> Executable Rules
16) Right click on App Locker
17) Click on Import Policy
17) Import the XML file that you saved
18) Move computers into this test OU so that they can receive the new group policy with AppLocker
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.