Create AppLocker rules.
Apply rules and test rules.
In this exercise, you will create the executable and default AppLocker rules.
The main tasks for this exercise are as follows:
1. Create a new executable rule.
2. Enforce AppLocker rules.
Task 1: Create a new executable rule
1. Log on as Adatum\Administrator with the password Pa$$w0rd. Open the Local Group Policy Editor.
2. Navigate to Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker. Create a new Executable rule with the following properties:
   o Permissions: Deny
   o Group: IT
   o Program: C:\Program Files\Windows Media Player\wmplayer.exe
   o Create the default rules.
Task 2: Enforce AppLocker rules
1. In Local Group Policy Editor, open the AppLocker Properties, and then configure the Executable rules for Enforce rules.
2. Close the Local Group Policy Editor, and open a command prompt. Run the gpupdate /force command.
At the end of the exercise, you will have successfully created the required AppLocker rule.
2: Testing the AppLocker Rules
In this exercise, you will confirm the executable rule, and then test it by logging on as a member of the IT group.
The main tasks for this exercise are as follows:
1. Confirm the Executable Rule Enforcement.
2. Test the enforcement.
Task 1: Confirm the Executable Rule Enforcement
1. View the Windows\System log in Event Viewer. Check for event ID 1502.
2. Start the Application Identity service.
3. Log off LON-CL1.
Task 2: Test the enforcement
1. Log back in as Adatum\Holly with the password Pa$$w0rd.
2. Attempt to open Windows Media Player.
3. Log off.
4. Log on as Adatum\Administrator with the password Pa$$w0rd.
5. Open Event Viewer.
6. Locate the Application and Services\Microsoft\Windows\AppLocker\EXE and DLL log.
7. Close all open windows, and log off.
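The confirmation and test steps above can also be run from an elevated PowerShell prompt on the client. This is an added example, not part of the original lab: it reuses the lab's program path and the Adatum\Holly account, and the filter on event ID 8004 (AppLocker's "prevented from running" event) is a detail the lab itself does not state.

```powershell
# Added example: verify the lab's AppLocker deny rule without logging off and on.
$target = 'C:\Program Files\Windows Media Player\wmplayer.exe'  # program from the lab
$user   = 'Adatum\Holly'                                        # IT group member from the lab
$log    = 'Microsoft-Windows-AppLocker/EXE and DLL'

# 1. Confirm Group Policy was processed (the lab checks event ID 1502 in the System log).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1502 } -MaxEvents 1 |
    Select-Object TimeCreated, ProviderName, Id

# 2. AppLocker rules are not evaluated unless the Application Identity service runs.
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') { Start-Service -Name AppIDSvc }

# 3. Read the effective policy and report the Exe collection's enforcement mode.
#    "Enabled" means enforced; "AuditOnly" only logs; "NotConfigured" means not set.
[xml]$policyXml = Get-AppLockerPolicy -Effective -Xml
$exe = $policyXml.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq 'Exe' }
"Exe enforcement mode: $($exe.EnforcementMode)"

# 4. List the path rules so the Deny rule and the default Allow rules are visible.
$exe.FilePathRule | ForEach-Object {
    [pscustomobject]@{
        Action = $_.Action
        Sid    = $_.UserOrGroupSid
        Path   = $_.Conditions.FilePathCondition.Path
        Name   = $_.Name
    }
} | Format-Table -AutoSize

# 5. Ask AppLocker how it would decide for the test user. A Deny rule takes
#    precedence over the default Allow rule covering Program Files.
$result = Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $target -User $user
$result | Select-Object FilePath, PolicyDecision, MatchingRule
if ($result.PolicyDecision -ne 'Denied') {
    Write-Warning "Expected Denied for $user, got $($result.PolicyDecision)"
}

# 6. After the interactive test, show recent block events from the AppLocker log.
Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 8004 } -MaxEvents 5 `
    -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

Step 5 evaluates the policy without launching the program, so a result other than Denied points at the rule or group membership rather than at the service or enforcement mode.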