Application Whitelisting

Last Modified: 2012-05-11
Hi Experts.
I have been asked to implement application whitelisting using Microsoft Software Restriction Policies, or similar. All up there are around 300 individual applications across the site, and many go through upgrades, version changes, etc. Keeping track of that many applications via SRP would be painful. Not only that, but testing each application and all its DLLs and EXEs against any policies would take weeks of work, not days as the onsite I.T. consultant seems to think. What are your thoughts: is it recommended we do this using Microsoft SRP? Or is there a better solution available?
Advice and thoughts/suggestions would be most appreciated.
Craig Paulsen, Senior Systems Engineer

Author

Commented:
Thanks jax79sg, will have a read. I'm sort of wanting more info on the likes of advantages vs disadvantages of using Microsoft SRP.
Justin Owens, ITIL Problem Manager

Commented:
Are you wanting to use SRP in AD 2003 or 2008 (what is the functional level)?  Also, what is your desired end result?  It may be that SRP is a good choice, or it may be that another option would be better.  Without knowing exactly what you are wanting to accomplish, it will be very difficult to give advice one way or the other.

Have you read any documentation in SRP itself, such as this, to see if it even does what you are trying to accomplish?

DrUltima
Craig Paulsen, Senior Systems Engineer

Author

Commented:
Thank you for the response DrUltima. At present we are wanting to use this in AD 2003; the desired result is to allow only applications that are a part of this "whitelist" to be able to run on workstations/laptops on the domain.
Justin Owens, ITIL Problem Manager

Commented:
Depending on how it is deployed, you can get SRP to work for you if this is your only requirement.  You will have difficulties the more exceptions to policy you make, of course, and you will have to make updates if version changes happen (Depending on setup for hash check, folder location, etc).

Honestly, it will be a lot of effort on the administration side.  This would be great for KIOSK type machines which you don't want folks to mess with at all and you don't foresee often changing.  If you are using for standard, production machines, there are more efficient ways of handling this, such as SCCM, etc.

DrUltima
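The maintenance trade-off between hash rules and folder-location rules mentioned in the comment above, as an added example that is not part of the original thread and is not SRP's own implementation. It is a simplified default-deny model; the function names, folder layout and file contents are hypothetical and constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash the file contents, as a hash rule would identify a binary."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def is_allowed(path, allowed_hashes, allowed_dirs):
    """Return the rule type that permits the file, or None (default deny)."""
    p = Path(path).resolve()
    if sha256_of(p) in allowed_hashes:
        return "hash"
    if any(d.resolve() in p.parents for d in allowed_dirs):
        return "path"
    return None


def demo():
    """Approve an app by hash, upgrade it, then compare with a path rule."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        program_files = root / "ProgramFiles"      # constructed layout
        downloads = root / "Users" / "Downloads"
        (program_files / "AppA").mkdir(parents=True)
        downloads.mkdir(parents=True)

        exe = program_files / "AppA" / "appa.exe"
        exe.write_bytes(b"constructed binary v1.0")
        hashes = {sha256_of(exe)}                  # hash rule for v1.0 only

        results = {"v1.0, hash rule": is_allowed(exe, hashes, [])}

        # A version upgrade changes the bytes, so the old hash rule stops matching.
        exe.write_bytes(b"constructed binary v1.1")
        results["v1.1, hash rule"] = is_allowed(exe, hashes, [])

        # A folder rule survives the upgrade without any policy change.
        results["v1.1, path rule"] = is_allowed(exe, hashes, [program_files])

        # A file outside every rule stays blocked.
        other = downloads / "tool.exe"
        other.write_bytes(b"constructed unapproved binary")
        results["unapproved file"] = is_allowed(other, hashes, [program_files])
        return results


if __name__ == "__main__":
    for case, rule in demo().items():
        print(f"{case}: {rule or 'blocked'}")
```

A folder rule is only as strong as the write permissions on that folder, so it suits locations that standard users cannot modify.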
Craig Paulsen, Senior Systems Engineer

Author

Commented:
Thanks DrUltima, I think I will try and pitch the amount of effort involved from an administration point of view; this has been pointed out by a few staff in our organization who are more familiar with Microsoft SRP.
I will look into the SCCM option, I guess it also comes down to cost....
Craig Paulsen, Senior Systems Engineer

Author

Commented:
has given me enough ideas on how to approach this task at hand