Tuesday, September 25, 2012

5 Things You Should Know About Microsoft AppLocker

Microsoft AppLocker has also been touted as the next best thing in desktop security (in addition to UAC) but does it really satisfy all you need in order to ensure security, compliance and productivity?  The 5 things you should know about AppLocker include:
Secure Win 7 migrations
  1. AppLocker can not elevate privileges for processes.  It is designed to block or allow the execution of explicitly listed applications only.
  2. AppLocker does not allow organizations to remove administrator privileges.  If you have applications that require administrator privileges, and those applications are on the AppLocker whitelist, the users will need to be configured as administrators.
  3. In order to make AppLocker secure, you must also remove admin rights from end users.  If users are administrators they can easily circumvent AppLocker policies and even disable the AppLocker service.
  4. AppLocker does not prevent users from accessing protected areas of the filesystem.  If a user is an administrator and AppLocker is delivering a whitelist to the machine the user can still modify critical areas of the file system.
  5. Managing an AppLocker whitelist can be difficult and cumbersome.  This may not be suitable for large organizations with thousands of "line of business" applications.
Check out this whitepaper on Securing Windows 7 Migrations to uncover best practices for eliminating the misuse of privilege from your organization.