For some time now there has been a really great security feature that was introduced in Windows Server 2003 and Windows XP. This feature was designed primarily to help administrators keep unwanted programs (like malware) off of their systems. No, this feature is not called AppLocker. :>) Instead, it was called: "Software Restriction Policies (SRPs)".
For myself, I both advocated and often used this feature in an attempt to take a very proactive stance in ensuring that systems did not become vassals of malware. Additionally, SRPs provided a really good platform from which you could ensure that users only executed approved applications on their systems, and for the occasional practical joke on the newbie. In other words, minus some shortcomings (like Link), SRPs should have been part of every Windows-heavy organization's DID (Defense-in-Depth) approach to security. Sadly, like so many other really great and helpful built-in security thingies, to my knowledge SRPs were never really used.
Based on my understanding, SRPs went unused primarily because of the time it took to create and maintain the restriction policies. I guess that is a valid excuse; after all, we IT'ers already spend a lot of our time trying to remove unapproved applications and cleaning up malware. :>) Luckily, Microsoft heard our complaints and decided to address the concerns with SRPs by introducing a Windows 7 feature called AppLocker.
Well, as Mark Russinovich was quoted as saying, "AppLocker is SRP on steroids". Hmmmmm... I do not know if I would go that far, but one of the more noticeable improvements is the ease with which you can create a white list of approved applications based on several aspects of metadata. In other words, it's a bit easier to maintain a draconian set of application restrictions regardless of how dynamic your environment is.
Hurray, let me be the first to greet our new Application Overlords!
In my next AppLocker post, I will talk about some of the finer points around using and configuring this feature. Later...
This story, "AppLocker: Like Software Restriction Policies, Improved" was originally published by Network World.