From 411e328fa1a69c8655bc3260991e40c3c75d76ac Mon Sep 17 00:00:00 2001 From: jsuther1974 Date: Sun, 24 Dec 2023 10:12:55 -0800 Subject: [PATCH] Final review of AppLocker topics --- .../applocker-policies-deployment-guide.md | 2 -- .../applocker-policies-design-guide.md | 2 +- .../applocker-technical-reference.md | 5 ++-- ...oy-the-applocker-policy-into-production.md | 2 +- ...p-policy-structure-and-rule-enforcement.md | 1 - .../document-your-applocker-rules.md | 5 ++-- ...stand-applocker-policy-design-decisions.md | 2 -- .../windows-installer-rules-in-applocker.md | 27 +++++++++---------- .../applocker/working-with-applocker-rules.md | 6 ++--- 9 files changed, 21 insertions(+), 31 deletions(-) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md index c6e633f5be..cb437f92b7 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-deployment-guide.md 
@@ -21,7 +21,6 @@ The following are prerequisites or recommendations to deploying policies: - Document your application control policy deployment plan by addressing these tasks: - [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md) - [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md) - - [Determine your application control objectives](determine-your-application-control-objectives.md) - [Create list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) - [Select types of rules to create](select-types-of-rules-to-create.md) - [Determine Group Policy Structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) 
@@ -33,6 +32,5 @@ The following are prerequisites or recommendations to deploying policies: | --- | --- | | [Understand the AppLocker policy deployment process](understand-the-applocker-policy-deployment-process.md) | This planning and deployment article for the IT professional describes the process for using AppLocker when deploying application control policies. | | [Requirements for Deploying AppLocker Policies](requirements-for-deploying-applocker-policies.md) | This deployment article for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies. | -| [Use Software Restriction Policies and AppLocker policies](using-software-restriction-policies-and-applocker-policies.md) | This article for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment. | | [Create Your AppLocker policies](create-your-applocker-policies.md) | This overview article for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment. | | [Deploy the AppLocker policy into production](deploy-the-applocker-policy-into-production.md) | This article for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md index e5bcbe1663..0299b53b2a 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-policies-design-guide.md 
@@ -19,7 +19,7 @@ To understand if AppLocker is the correct application control solution for your | Article | Description | | --- | --- | | [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md) | This article describes AppLocker design questions, possible answers, and other considerations when you plan a deployment of application control policies by using AppLocker. | -| [Determine your application control objectives](determine-your-application-control-objectives.md) | This article helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker. | +| [Determine your application control objectives](determine-your-application-control-objectives.md) | This article helps you with the decisions you need to make to determine what applications to control and how to control them using AppLocker. | | [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) | This article describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker. | | [Select the types of rules to create](select-types-of-rules-to-create.md) | This article lists resources you can use when selecting your application control policy rules by using AppLocker. | | [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md) | This overview article describes the process to follow when you're planning to deploy AppLocker rules. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md index 909445c4b9..0952a3d433 100644 
--- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference.md 
@@ -15,13 +15,12 @@ AppLocker lets you create rules to allow or deny apps from running based on info | Article | Description | | --- | --- | -| [What Is AppLocker?](what-is-applocker.md) | This article for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies. | +| [What Is AppLocker?](what-is-applocker.md) | This article for the IT professional describes what AppLocker is. | | [Requirements to use AppLocker](requirements-to-use-applocker.md) | This article for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems. | | [AppLocker policy use scenarios](applocker-policy-use-scenarios.md) | This article for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented. | | [How AppLocker works](how-applocker-works-techref.md) | This article for the IT professional provides links to articles about AppLocker architecture and components, processes and interactions, rules and policies. | | [AppLocker architecture and components](applocker-architecture-and-components.md) | This article for IT professional describes AppLocker's basic architecture and its major components. | | [AppLocker processes and interactions](applocker-processes-and-interactions.md) | This article for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules. | -| [AppLocker functions](applocker-functions.md) | This article for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features. | +| [AppLocker functions](applocker-functions.md) | This article for the IT professional lists the functions and security levels for AppLocker. 
| | [Security considerations for AppLocker](security-considerations-for-applocker.md) | This article for the IT professional describes the security considerations you need to address when implementing AppLocker. | | [Tools to Use with AppLocker](tools-to-use-with-applocker.md) | This article for the IT professional describes the tools available to create and administer AppLocker policies. | -| [AppLocker Settings](applocker-settings.md) | This article for the IT professional lists the settings used by AppLocker. | diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md index 38a183679a..d2ef52adad 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/deploy-the-applocker-policy-into-production.md 
@@ -19,7 +19,7 @@ Before you deploy an AppLocker policy, you should determine: - For each business group, which applications to control and in what manner. For more info, see [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md). - How to handle requests for application access. For info about what to consider when developing your support policies, see [Plan for AppLocker policy management](plan-for-applocker-policy-management.md). - How to manage events, including forwarding events. For info about event management in AppLocker, see [Monitor app usage with AppLocker](monitor-application-usage-with-applocker.md). -- Your GPO structure, including how to include policies generated by Software Restriction Policies and AppLocker policies. For more info, see [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md). +- Your GPO structure, including how to include AppLocker policies. For more info, see [Determine the Group Policy structure and rule enforcement](determine-group-policy-structure-and-rule-enforcement.md). For info about how AppLocker deployment is dependent on design decisions, see [Understand AppLocker policy design decisions](understand-applocker-policy-design-decisions.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md index a8e5878454..fb13e22d88 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md 
+++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-group-policy-structure-and-rule-enforcement.md @@ -21,7 +21,6 @@ This overview article describes the process to follow when you're planning to de When determining how many Group Policy Objects (GPOs) to create for managing AppLocker policy in your organization, you should consider the following points: - Whether you're creating new GPOs or using existing GPOs -- Whether you're implementing Software Restriction Policies (SRP) policies and AppLocker policies in the same GPO - GPO naming conventions - GPO size limits diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md index ce02f4d772..1d5ff7d78e 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/document-your-applocker-rules.md @@ -10,9 +10,8 @@ ms.date: 12/22/2023 To complete this AppLocker planning document, you should first complete the following steps: -1. [Determine your application control objectives](determine-your-application-control-objectives.md) -2. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) -3. [Select the types of rules to create](select-types-of-rules-to-create.md) +1. [Create a list of apps deployed to each business group](create-list-of-applications-deployed-to-each-business-group.md) +2. [Select the types of rules to create](select-types-of-rules-to-create.md) Document the following items for each business group or organizational unit: 
diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md index 13d2116bc1..898b41da58 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md @@ -154,5 +154,3 @@ Designing application control policies based on an organizational structure that ## Record your findings The next step in the process is to record and analyze your answers to the preceding questions. If AppLocker is the right solution for your goals, you can set your application control policy objectives and plan your AppLocker rules. This process culminates in creating your planning document. - -- For info about setting your policy goals, see [Determine your application control objectives](determine-your-application-control-objectives.md). diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md index 9f51d9f474..e64e6e97ff 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/windows-installer-rules-in-applocker.md 
@@ -1,32 +1,29 @@ --- title: Windows Installer rules in AppLocker -description: This topic describes the file formats and available default rules for the Windows Installer rule collection. +description: This article describes the file formats and available default rules for the Windows Installer rule collection. ms.localizationpriority: medium ms.topic: conceptual -ms.date: 09/21/2017 +ms.date: 12/24/2023 --- # Windows Installer rules in AppLocker ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). - -This topic describes the file formats and available default rules for the Windows Installer rule collection. +This article describes the file formats and available default rules for the Windows Installer rule collection. AppLocker defines Windows Installer rules to include only the following file formats: -- .msi -- .msp -- .mst +- .msi +- .msp +- .mst The purpose of this collection is to allow you to control the installation of files on client computers and servers through Group Policy or the Local Security Policy snap-in. The following table lists the default rules that are available for the Windows Installer rule collection. 
| Purpose | Name | User | Rule condition type | -| - | - | - | - | -| Allow members of the local Administrators group to run all Windows Installer files| (Default Rule) All Windows Installer files| BUILTIN\Administrators| Path: *| -| Allow all users to run Windows Installer files that are digitally signed | (Default Rule) All digitally signed Windows Installer files| Everyone| Publisher: * (all signed files)| -| Allow all users to run Windows Installer files that are located in the Windows Installer folder | (Default Rule) All Windows Installer files in %systemdrive%\Windows\Installer| Everyone| Path: %windir%\Installer\*| - -## Related topics +| --- | --- | --- | --- | +| Allow members of the local Administrators group to run all Windows Installer files| (Default Rule) All Windows Installer files| BUILTIN\Administrators| Path: *| +| Allow all users to run Windows Installer files that are digitally signed | (Default Rule) All digitally signed Windows Installer files| Everyone| Publisher: * (all signed files)| +| Allow all users to run Windows Installer files that are located in the Windows Installer folder | (Default Rule) All Windows Installer files in %systemdrive%\Windows\Installer| Everyone| Path: %windir%\Installer\*| + +## Related articles - [Understanding AppLocker default rules](understanding-applocker-default-rules.md) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md index fc51015576..e06ef57ede 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules.md 
@@ -35,10 +35,10 @@ The DLL rule collection isn't enabled by default. To learn how to enable the DLL ## Enforcement modes -AppLocker policies set an **enforcement mode** for each rule collection included in the policy. These enforcement modes are described in the following table. +AppLocker policies set an **enforcement mode** for each rule collection included in the policy. These enforcement modes are described in the following table. | Enforcement mode | Description | -| - | - | +| --- | --- | | **Not configured** | Despite the name, this enforcement mode **doesn't** mean the rules are ignored. On the contrary, if any rules exist in a rule collection that is "not configured", the rules **will be enforced** unless a policy with a higher precedence changes the enforcement mode to Audit only. Since this enforcement mode can be confusing for policy authors, you should avoid using this value in your AppLocker policies. Instead, you should choose explicitly between the remaining two options. | | **Enforce rules** | Rules are enforced. When a user runs an app affected by an AppLocker rule, the app binary is blocked. Info about the binary is added to the AppLocker event log. | | **Audit only** | Rules are audited but not enforced. When a user runs an app affected by an AppLocker rule, the app binary is allowed to run. However, the info about the binary is added to the AppLocker event log. The Audit-only enforcement mode helps you identify the apps affected by the policy before the policy is enforced. | 
@@ -76,7 +76,7 @@ The **File version** and **Package version** control whether a user can run a sp The following table describes how a publisher condition is applied. | Option | The publisher condition allows or denies... | -|---|---| +| --- | --- | | **All signed files** | All files signed by any publisher. | | **Publisher only** | All files signed by the named publisher. | | **Publisher and product name** | All files for the specified product signed by the named publisher. |
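Review bot: In applocker-policies-design-guide.md (hunk @@ -19,7 +19,7) the row linking determine-your-application-control-objectives.md is kept and only reworded, while the same patch deletes the links to that article from applocker-policies-deployment-guide.md, document-your-applocker-rules.md and understand-applocker-policy-design-decisions.md. Please settle which is intended. If the article is being retired, this row should go too and the old URL needs a redirect. If it stays, the "Record your findings" paragraph in the design-decisions article still tells the reader to "set your application control policy objectives" but no longer points anywhere. Minor wording: the new description says "using AppLocker" where the neighbouring rows say "by using AppLocker".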
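Review bot: In applocker-policies-deployment-guide.md (hunk @@ -33,6 +32,5) the table row for using-software-restriction-policies-and-applocker-policies.md is removed, but that file is not one of the nine files in this patch's diffstat, so the article itself is untouched here. Confirm it is deleted or redirected in a companion change; otherwise it stays published with one fewer inbound link. The same question applies to the SRP bullet dropped from determine-group-policy-structure-and-rule-enforcement.md.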
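Review bot: In applocker-technical-reference.md (hunk @@ -15,13 +15,12) the final row, the link to applocker-settings.md, is deleted without applocker-settings.md appearing in the diffstat. If the settings article is being removed, add the deletion and a redirect to this change or reference the commit that does it. While this table is open for a final review, the unchanged row for applocker-architecture-and-components.md reads "This article for IT professional describes", which is missing "the".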
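Review bot: In windows-installer-rules-in-applocker.md the re-added default-rule rows still carry the path conditions as plain table text (`Path: *` and `Path: %windir%\Installer\*`). Markdown treats `\*` as an escaped asterisk, so the third row can render as %windir%\Installer* with the final backslash dropped, which is a different path condition from the one the default rule uses. Since these rows are being rewritten anyway, put the rule conditions and the `%systemdrive%\Windows\Installer` rule name in inline code so the backslashes and wildcards reach the reader exactly as written.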
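Review bot: In deploy-the-applocker-policy-into-production.md (hunk @@ -19,7 +19,7) the replacement bullet reads "Your GPO structure, including how to include AppLocker policies", which repeats "include" and no longer says what is being decided once the SRP reference is gone. Suggest something like "Your GPO structure, including which GPOs carry AppLocker policies", matching what the linked Group Policy structure article covers.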