When prompted to create the default rules, simply select “ Yes“.Īs you can see the rules have been created. Finally we click “ Create” and the core rules are generated for us. If we were to uncheck them, then that application would not be allowed to run on the server. Once the wizard runs it will report back the number of applications, and allow you to review what they are.Īs you can see from this list, it has found many executable and each one is selected telling “ AppLocker” to create a rule that will allow the application to run.
The wizard will then take us through the process of creating rules based on locations of applications.įor this we are choosing “ File Hash” as the match though path location could be used. However firstly the easiest approach is to run an automatic check to generate rules for us that we can modify later.Įxpand the “ AppLocker” node on the left, and then right click on “ Executable Rules” and choose “ Automatically Generate Rules” Once we apply this we can now start to apply policies for specific applications that will be allowed to work. In the right panel, we now need to click on the “ Configure Rule Enforcement” options and for this demonstration I am going to enable check the following options. So to change that services, open up “ services.msc” and make the change.Įnsure the service is “ Started” then we start configuring the rules. You can see the name of the service listed in the “ Configure Rule Enforcement” box. In order to use the “ AppLocker” a service needs to be changed from “ manual” to “ automatically” start.
Once this loads we need to expand the following.Įxpanding and then Clicking on “ AppLocker” will display the following in the right and left panels. To enable it open up the “ Local Security Pool” tool using “ gpedit.msc“. “ AppLocker” is not enabled by default, so we need to enable this through the “ Local Security Policy” configuration. This was introduced a few Windows versions ago, and is available in Server 2012 R2 which is what I am using within my SharePoint 2013 environment. This brings me to a features that may not be so well known in Windows called “ AppLocker“. So the question is how do we make the attack surface a little smaller?
#Applocker windows 2012 full
However right now, you have to do a full operating installation, GUI and all for SharePoint to work, too many dependencies for Server Core right now. This not only gives me great performance on the smaller spec’d machines but helps reduce the overall footprint of the servers themselves. In my demonstration environments, I now always use Server Core for SQL and also for the domain services.
#Applocker windows 2012 how to
There are many documents out there from Microsoft and others that outline how to harden Windows Servers. I have focused on hacking SharePoint, all the way to trying to secure it better for the many different types of environments that I see.Īn important part of securing SharePoint is really the hardening of the underlying services and operating systems. One of the things I speak about most frequently is Security and SharePoint.
0 kommentar(er)
