T0masz
asked on
Security Policies - restricting executable applications to signed only
Im wondering if anyone could point me to documentation that would allow me to setup a security group policy that would restrict users in my active directory domain to executing only signed applications. I want to have implement something like the "Run Only Allowed Windows Application" rule except using authorization based on filename isnt acceptable. I want to use digital signatures as a means to restricting applications.
Tom
Tom
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Basically I wouldn't worry about that. The fact about it can be reversed using a high end pc takes time and by then the data would be of no importance.
About using digital certificates again are fall in the same class :-)
Cheers,
Rajesh
About using digital certificates again are fall in the same class :-)
Cheers,
Rajesh
ASKER
Quick question, is there any way of using digital signatures to verify .exe applications? Im curious about the security of md5 hash application, I know that its rather impossible to create another application with the same hash(been proven that its possible to generate same data but very unlikely) Im curious how often is this used in larger network enviroments?
I was under the impression that transmitting authorized hash checksums over the network would subject this to man-in-the-middle atacks... vs using digital signatures.
Tom