Windows Tech Blog's is technical blog covering topics such as Windows troubleshooting, technologies and security
Tuesday, September 25, 2012
5 Things You Should Know About Microsoft AppLocker
Microsoft AppLocker has also been touted as the next best thing in desktop security (in addition to UAC) but does it really satisfy all you need in order to ensure security, compliance and productivity? The 5 things you should know about AppLocker include:
AppLocker can not elevate privileges for processes. It is designed to block or allow the execution of explicitly listed applications only.
AppLocker does not allow organizations to remove administrator privileges. If you have applications that require administrator privileges, and those applications are on the AppLocker whitelist, the users will need to be configured as administrators.
In order to make AppLocker secure, you must also remove admin rights from end users. If users are administrators they can easily circumvent AppLocker policies and even disable the AppLocker service.
AppLocker does not prevent users from accessing protected areas of the filesystem. If a user is an administrator and AppLocker is delivering a whitelist to the machine the user can still modify critical areas of the file system.
Managing an AppLocker whitelist can be difficult and cumbersome. This may not be suitable for large organizations with thousands of "line of business" applications.