Solved

Applocker and security (again)

Posted on 2015-02-20
2
110 Views
Last Modified: 2015-03-17
I have searched through some threads on here regarding applocker without finding what I need. Apologies if this has been covered elsewhere.

I need to provide better security at a water plant. The plant has a Win 2012 DC server, Win7 and 8.1 workstations. They use std software (Office, ACAD) and SCADA software to control the pumps and monitor wells, tanks etc.

The preferred method to secure the computers is to use whitelisting  software, which appears to mean applocker is the way to go. I don't know how to do this. Most of the workstations have domain\users added to the local administrators group. I believe this may have to be un -done for applocker to work.  

Sooo. How do I set up applocker? I searched for applocker on the DC and came up with nothing.
0
Comment
Question by:hgj1357
2 Comments
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 250 total points
ID: 40622595
The clients version must be enterprise or higher to use applocker.
https://technet.microsoft.com/library/hh831440.aspx

NEVER NEVER have users run as admin's .. if they need admin privileges then have then use the runas options to run as an admin.
0
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 250 total points
ID: 40623208
" Most of the workstations have domain\users added to the local administrators group. I believe this may have to be un -done for applocker to work" - no, we can setup applocker so that it will rule admins, too. But local admins are a big risk anyway, so get rid of them if you can.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question