Skip to content

Latest commit

 

History

History
33 lines (21 loc) · 2.62 KB

File metadata and controls

33 lines (21 loc) · 2.62 KB

Microsoft AppLocker

Microsoft AppLocker is an application whitelisting feature built into Windows. The use of application whitelisting is one of IAD's top 10 mitigation strategies.

Formal product evaluations also support the use of Microsoft AppLocker. The Common Criteria evaluation of Windows 10 against the NIAP Protection Profile for General Purpose Operating Systems completed April 5, 2016. The Common Criteria evaluation included the optional FPT_SRP_EXT requirement for Application Whitelisting. The Assurance Activity report shows that Microsoft AppLocker in Windows 10 was evaluated and passed the FPT_SRP_EXT requirement.

Group Policy Objects containing a base whitelisting policy for both Audit mode and Enforcement mode policy are included in the SHB for Windows 10.

Importing the AppLocker Group Policy

By default, the AppLocker policy is imported configured in audit mode. To import it in enforcement mode, use the -PolicyMode option with the 'Enforced' value.

Importing the AppLocker domain Group Policy

Use the PowerShell Group Policy commands to import the AppLocker Group Policy into a domain. Run the following command on a domain controller from a PowerShell prompt running as a domain administrator.

Invoke-ApplySecureHostBaseline -Path '.\Secure-Host-Baseline' -PolicyNames 'AppLocker'

Importing the AppLocker local Group Policy

Use Microsoft's LGPO tool to apply the AppLocker Group Policy to a standalone system. Run the following command from a command prompt running as a local administrator.

Invoke-ApplySecureHostBaseline -Path '.\Secure-Host-Baseline' -PolicyNames 'AppLocker' -ToolPath '.\LGPO\lgpo.exe'

Guidance

NSA Information Assurance has a security guide for AppLocker called Application Whitelisting Using Microsoft AppLocker.

Links