通訊！Windows生態系統：限制用戶的應用程序

Windows ecosystem generally works with 3 party applications easily while installing and running them. This creates some risk especially for the novice users. Windows administrators generally want to restrict users applications and executables to make their operating system more secure.

(資料圖片僅供參考)

Windows生態系統通?？梢栽诎惭b和運行3方應用程序時輕松使用。 尤其是對于新手用戶，這會帶來一些風險。 Windows管理員通常希望限制用戶的應用程序和可執行文件，以使其操作系統更安全。

Windows recently launched a feature named AppLocker. As its name suggests it simply restricts the executables and applications those can run on the system or user account.

Windows最近啟動了名為AppLocker的功能。 顧名思義，它只是限制了可以在系統或用戶帳戶上運行的可執行文件和應用程序。

特征 (Features)

Applocker provides different restrictions according to following situations.

Applocker根據以下情況提供不同的限制。

Which user have access to the application?哪個用戶有權訪問該應用程序？ Which users can install new application?哪些用戶可以安裝新應用程序？ Which application versions can be installed?可以安裝哪些應用程序版本？ How to audit licensed application?如何審核許可的申請？

白名單申請 (White Listing Application)

In security world there is very popular technique named While Listing. A list of software that is secure and approved is created and only this list or inventory includes applications can be installed in to the systems. Other applications are prohibited from installed unless not excepted.

在安全世界中，有一種非常流行的技術，稱為While Listing。 將創建一個安全且已批準的軟件列表，并且只有此列表或清單中包含應用程序的軟件才能安裝到系統中。 除非沒有其他限制，否則禁止安裝其他應用程序。

建立規則 (Create A Rule)

Now action starts. We will create a rule to give permission to an application to run on the windows system.

現在開始行動。 我們將創建一個規則，以授予在Windows系統上運行的應用程序權限。

打開本地組策略編輯器 (Open Local Group Policy Editor)

The new rules will be created with Local Group Application Editor. So we will open this editor easily by running following command in Windows run.

將使用“本地組應用程序編輯器”創建新規則。 因此，我們將通過在Windows run中運行以下命令來輕松打開此編輯器。

gpedit.msc

打開創建新規則表格 (Open Create New Rule Form)

We will navigate to the Applocker section with Computer Configuration-> Windows Settings-> Security Settings-> Application Control Policies

我們將通過Computer Configuration-> Windows Settings-> Security Settings-> Application Control Policies導航到Applocker部分

Open Create New Rule Form打開創建新規則表格

點擊下一步(Click Next)

Nothing else matters ??

沒關系matters

Click Next點擊下一步

決定行為(Decide Behaviour)

We should decide the behaviour of the executable in this page. We simply allow application. Also we can select the users the rules will be applied. In this situations by  default Everyone

我們應該在此頁面中確定可執行文件的行為。 我們只允許申請。 我們也可以選擇將應用規則的用戶。 在這種情況下，默認情況下Everyone

Decide Behaviour決定行為

提供可執行規則條件(Provide Executable Rule Condition)

One of the most important part is this step. We will define and identify the application we want to rule. There is 3 type of identification technique.

最重要的部分之一是此步驟。 我們將定義并標識我們要統治的應用程序。 識別技術有3種類型。

Publisherinformation is gathered from executable verified Published meta data.

Publisher信息是從可執行的經過驗證的發布元數據中收集的。

Pathinformation is simply from which location the executable resides.

Path信息只是可執行文件所在的位置。

File hashis a unique value describes the application

File hash是描述應用程序的唯一值

LEARN MORE  How To Prevent SQL Injection in Php Applications?

了解更多信息如何防止在PHP應用程序中進行SQL注入？

We will use file hash in this example.

在此示例中，我們將使用文件哈希。

Provide Executable Rule Condition提供可執行規則條件

指定可執行文件(Specify Executable File)

In this step we will select executable files one by one or by specifying the directory the executables located. As an example we have selected 7zapplication. These files hashes will be calculated automatically and stored in the created rule.

在這一步中，我們將一一選擇可執行文件，或者通過指定可執行文件所在的目錄來選擇可執行文件。 作為示例，我們選擇了7z應用程序。 這些文件哈希將自動計算并存儲在創建的規則中。

Specify Executable File指定可執行文件

提供規則名稱和描述(Provide Rule Name and Description)

As the rule vault grows and become bigger management of these rules become a nightmare. So we should select a name which is identifiable. Also we can put some description about rule.

隨著規則庫的增長和擴大，對這些規則的管理成為一場噩夢。 因此，我們應該選擇一個可識別的名稱。 我們也可以對規則進行一些描述。

Provide Rule Name and Description提供規則名稱和描述

And click to Createbutton on the left bottom side.

然后單擊左下方的Create按鈕。

創建默認規則 (Create Default Rules)

After click create we will get a warning stating that in order to prevent unexpected problems we should add default rules which are used to give required permissions to the Everyone and builtin administrators.

單擊“創建”后，我們將收到一條警告，指出為防止意外問題，我們應添加默認規則，這些規則用于向所有人和內置管理員提供必需的權限。

Create Default Rules創建默認規則

After clicking Yesfollowing rule list will appear

單擊“ Yes后，將顯示以下規則列表

Rule List規則清單

通過執行啟用Applocker規則(Enable Applocker Rules With Enforcement)

We have created our rule but is it enabled and works as we expect? Not because we should enable the AppLocker rules from its properties.

我們已經創建了規則，但是該規則已啟用并且可以按預期工作嗎？ 不是因為我們應該從其屬性啟用AppLocker規則。

打開Applocker屬性 (Open Applocker Properties)

We can open Applocker properties window like below.

我們可以打開如下所示的Applocker屬性窗口。

啟用規則 (Enable Rules)

We will just enable Configuredcheckbox of Executable ruleslike below and then select Enforce rulesand click Apply .

我們將僅啟用如下所示的“ Executable rulesConfigured復選框，然后選擇“ Enforce rules并單擊“ Apply。

I suggest you that for the first time for a little time select Auditonly. This will not enforce rules but create logs about the rules and give hints how it works and prevent accidents and lockdown.

我建議您第一次選擇“僅Audit。 這不會強制執行規則，但會創建有關規則的日志，并提示它如何工作并防止事故和鎖定。