BlackList and WhiteList with windows server 2012r2 in Domain?

I’m trying to create Blacklist and Whitelist which dissallow or allow users in my domain installing certain softwares, programs.

I just create a GPO in Company A OU, didn’t modify anything.

When I using a user (name is KT1), login domain, I can’t install teamview, cool edit pro, … any .exe file. But navicat (.exe) file still can install in 😀 partition, while :C partition dissallow.

I dont understand what is default setup for it, how to setup black list, whitelist, how does it work…

Please help me! I need some reference, or some explaining…

Tks you


AppLocker Overview

  • Define rules based on file attributes that persist across application updates, such as the publisher name (derived from the digital signature), product name, file name, and file version. You can also create rules based on the file path and hash.

  • Assign a rule to a security group or an individual user.

  • Create exceptions to rules. For example, you can create a rule that allows all users to run all Windows binaries except the Registry Editor (Regedit.exe).

  • Use audit-only mode to deploy the policy and understand its impact before enforcing it.

  • Create rules on a staging server, test them, then export them to your production environment and import them into a Group Policy Object.

  • Simplify creating and managing AppLocker rules by using Windows PowerShell cmdlets for AppLocker.

AppLocker Step-by-Step Scenarios

Source : Link , Question Author : Hưng Híp , Answer Author : Greg Askew

Leave a Comment