• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217
  • Last Modified:

Security Policies - restricting executable applications to signed only

Im wondering if anyone could point me to documentation that would allow me to setup a security group policy that would restrict users in my active directory domain to executing only signed applications. I want to have implement something like the "Run Only Allowed Windows Application" rule except using authorization based on filename isnt acceptable. I want to use digital signatures as a means to restricting applications.

Tom
0
T0masz
Asked:
T0masz
  • 2
1 Solution
 
rsivanandanCommented:
0
 
T0maszAuthor Commented:
Thanks, its pretty much all I needed :)

Quick question, is there any way of using digital signatures to verify .exe applications? Im curious about the security of md5 hash application, I know that its rather impossible to create another application with the same hash(been proven that its possible to generate same data but very unlikely) Im curious how often is this used in larger network enviroments?
I was under the impression that transmitting authorized hash checksums over the network would subject this to man-in-the-middle atacks... vs using digital signatures.

Tom
0
 
rsivanandanCommented:
Basically I wouldn't worry about that. The fact about it can be reversed using a high end pc takes time and by then the data would be of no importance.

About using digital certificates again are fall in the same class :-)

Cheers,
Rajesh
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now