sunhux
asked on
Configuring applocker policies/rules for mass deployment via SCCM or Desktop Central to 3000 PCs
I would like to use applocker to block access for all domain users (except 10 End User support domain ids) from
accessing the following apps :
a) cmd.exe (which can be named as something else as a user may copy cmd.exe to another name, say cmm.exe)
b) mmc.exe
c) PowerShell
Q1:
Kindly provide step by step (with screen shots if possible) on how to configure the above
Q2:
Not feasible for me to go PC (or laptop) by PC to set this. Do provide a mass deployment method. We have
SCCM & Desktop Central so if the rules/policies can be saved & mass 'pushed' to all the PCs, will be good
to provide the steps
Q3:
Is applocker free for use as long as we have a Win 7 (or Win 8) licence (as in our case)?
accessing the following apps :
a) cmd.exe (which can be named as something else as a user may copy cmd.exe to another name, say cmm.exe)
b) mmc.exe
c) PowerShell
Q1:
Kindly provide step by step (with screen shots if possible) on how to configure the above
Q2:
Not feasible for me to go PC (or laptop) by PC to set this. Do provide a mass deployment method. We have
SCCM & Desktop Central so if the rules/policies can be saved & mass 'pushed' to all the PCs, will be good
to provide the steps
Q3:
Is applocker free for use as long as we have a Win 7 (or Win 8) licence (as in our case)?
David Johnson, CD
Applocker can only be enforced on enterprise versions.. if on renames an exectuable as long as it is signed you still have access to the original file name which is used for your block rules.
ASKER
Sorry, don't understand what's meant by "applocker can only be enforced on enterprise versions":
does this mean we have to buy the enterprise version to be able to propagate it across the domain's
laptops/PCs ?
does this mean we have to buy the enterprise version to be able to propagate it across the domain's
laptops/PCs ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm on Windows 7 enterprise actually
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You don't use SCCM you use group policies