Craig Paulsen
asked on
Enterprise Alternatives to Applocker
Hi Experts,
I wanting to know if there are better alternatives for managing software whitelisting, currently we use Microsoft's Applocker feature, unfortunately in an environment consisting or around 5000 end points, and 1000+ applications, it's an administrative nightmare maintaining these,
I want to point out to management we need to start looking at other options, and point out the limitations to them at the same time, and present a viable proven enterprise grade alternative,
Can you point me in the right direction please.
Many thanks
I wanting to know if there are better alternatives for managing software whitelisting, currently we use Microsoft's Applocker feature, unfortunately in an environment consisting or around 5000 end points, and 1000+ applications, it's an administrative nightmare maintaining these,
I want to point out to management we need to start looking at other options, and point out the limitations to them at the same time, and present a viable proven enterprise grade alternative,
Can you point me in the right direction please.
Many thanks
ASKER
Thanks rhandles, that's correct, we only want users to launch applications that are white listed, I will read up on app sense, never heard or used it before :)
I would also like some input whether maintaining/managing a fleet of 5000 workstations using applocker for application whitelisting is even feasible.
I would also like some input whether maintaining/managing a fleet of 5000 workstations using applocker for application whitelisting is even feasible.
Having 1000 applications to manage can be a nightmare with any alternative as well, I guess. You should think about loosening your restrictions. I mean, you didn't even mention what you're having trouble with
...but I guess you use pretty hard rules, maybe you even restrict the program files folder?
...but I guess you use pretty hard rules, maybe you even restrict the program files folder?
ASKER
Thanks again for your response, primary problem is we have several computers which is in a audit only mode security group, so app locker rules don't apply to them, and this is a security risk which management wants remidied, machine were placed in this group due to app locker interfering with various functions/features, and my predesessors just placed machines in this group to get around the problem, so even with app sense u reckon this won't be easier to manage?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That's correct, my point was similar, if you restrict too much, it's complicated. For example: why restrict any applications in the program files folder? Only admins may write there, so no malware can write into it unless it has already elevated privileges - and then it could turn off applocker.
ASKER
thanks guys, appreciate the input, doesn't appear to be a better way of managing this process,
management won't budge on a 3rd party alternative like AppSense, given the cost associated with it, and also given the amount of software in the environment,
Also being a government organization, they will loosen up on current desktop hardening in place, so it looks like we stuck :(
management won't budge on a 3rd party alternative like AppSense, given the cost associated with it, and also given the amount of software in the environment,
Also being a government organization, they will loosen up on current desktop hardening in place, so it looks like we stuck :(
You could give it a try and go for software restriction polices but in my opinion is the older version of Applocker. And also this policy is quite hard to set-up..
You didn't yet illustrate what problem you have with your current setup. Maybe we can help you.
ASKER
hi experts, apologies for the late reply,
the problem I have is I've taken over support of a client who uses applocker, unfortunately the previous crew that supported these guys made a real mess of managing this properly, they placed nearly a 3rd of the entire fleet of machines into an applocker only sec group which doesn't enfore the any the applocker policies, several users has also been given local admin rights to get around the complexities of some applications not playing well with app locker, this has now fallen into my plate to sort out, I realize there is no silver bullet here, just wanting to get ideas where to begin, if that makes sense
the problem I have is I've taken over support of a client who uses applocker, unfortunately the previous crew that supported these guys made a real mess of managing this properly, they placed nearly a 3rd of the entire fleet of machines into an applocker only sec group which doesn't enfore the any the applocker policies, several users has also been given local admin rights to get around the complexities of some applications not playing well with app locker, this has now fallen into my plate to sort out, I realize there is no silver bullet here, just wanting to get ideas where to begin, if that makes sense
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
agree, doesn't appear to I have much options,
Also dive into logging. Applocker Logfiles can be used with real mode ("what was blocked") and also with test mode ("what would have been blocked").
ASKER
no silver bullet I was quietly hoping for, guess it's back the drawing board for us around this,
Appreciate the responses,
Appreciate the responses,
The best application around (that i'm aware of) is AppSense Application Manager. It blocks all applications but allows to startup applications you white-list and it gives you perfect messages in what to allow.