

In this article I’d like to show how we can use Windows AppLocker in Windows 10 Enterprise to allow only a small subset of programs to run in an enterprise environment.

As you may already know, AppLocker rules function as an “allow” list, meaning that you’re allowed to run only those applications which have corresponding allow rules in the AppLocker policy.

Suppose our goal is to restrict users to running only a single third-party application installed by an administrator, for example 7Zip. Theoretically we must use a sample PC with the needed applications installed for creating an AppLocker policy locally and then exporting it to an Active Directory GPO, but for the sake of this test I will create my AppLocker policy using 7Zip installed on my DC.

To start with, let’s take a look at my client computer – Win10Ent (AppLocker policies may be applied only to enterprise OS versions!): As we see, there are two recently installed programs – 7Zip and MS Excel Viewer – I’ve installed them under the TestCompany\ExAdmin account. Now I want any other non-administrative users to run only one of these programs – 7Zip and NOT MS Excel Viewer.

As I’d like to have the same policy for all of my clients, I’ll create a GPO in AD and deploy it for the CLIENTS OU.
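The same workflow can be scripted with the built-in AppLocker and GroupPolicy cmdlets. The following is an added example, not taken from the original article: it builds allow rules from an installed copy of 7Zip, checks the decision for both programs, and only then merges the rules into a GPO. The install paths, the test account and the GPO name are assumptions to be replaced with your own values.

```powershell
# Added example (not from the original article). All values below are assumptions.
$sevenZipDir = 'C:\Program Files\7-Zip'        # assumed 7Zip install path
$excelViewer = 'C:\Program Files (x86)\Microsoft Office\Office12\XLVIEW.EXE'  # assumed path
$testUser    = 'TestCompany\TestUser'          # hypothetical non-administrative account
$gpoName     = 'AppLocker - Clients'           # hypothetical GPO linked to the CLIENTS OU
$policyXml   = Join-Path $env:TEMP 'applocker-7zip.xml'

Import-Module AppLocker, GroupPolicy

# 1. Read publisher and hash information from every executable 7Zip installed.
$files = Get-AppLockerFileInformation -Directory $sevenZipDir -Recurse -FileType Exe
if (-not $files) { throw "No executables found under $sevenZipDir" }

# 2. Build allow rules. Publisher rules are used where a file is signed,
#    hash rules are the fallback for unsigned files.
$files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -RuleNamePrefix '7Zip' -Optimize -Xml |
    Out-File -FilePath $policyXml

# 3. Check the decisions before anything reaches the GPO. Only files present
#    on this machine can be tested, so missing paths are skipped.
$targets = @((Join-Path $sevenZipDir '7zFM.exe'), $excelViewer) | Where-Object { Test-Path $_ }
$results = Test-AppLockerPolicy -XmlPolicy $policyXml -Path $targets -User $testUser
$results | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Stop if 7Zip is not allowed, or if anything outside the 7Zip folder is.
foreach ($r in $results) {
    $is7Zip  = $r.FilePath -like "$sevenZipDir\*"
    $allowed = "$($r.PolicyDecision)" -eq 'Allowed'
    if ($is7Zip -ne $allowed) {
        throw "Unexpected decision '$($r.PolicyDecision)' for $($r.FilePath)"
    }
}

# 4. Merge the rules into the GPO. -Merge keeps rules the GPO already holds
#    (for example the AppLocker default rules) instead of overwriting them.
$gpo = Get-GPO -Name $gpoName
Set-AppLockerPolicy -XmlPolicy $policyXml -Ldap "LDAP://$($gpo.Path)" -Merge
```

With only the 7Zip rules in the tested file, MS Excel Viewer is reported as `DeniedByDefault`, which is the allow-list behaviour described above.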
