Model Solutions
Prerequisite.
1. Create OU AppLocker and move Clt01 to the new OU.
2. In the GPMC, double-click Forests: msita.local, expand until you get to Group Policy Objects, then right-click it and click New. In the New GPO box, type AppLocker Software Control GPO, and then click OK.
3. On the Group Policy Management window, right-click AppLocker, then click Link an Existing GPO. On the Select GPO window, select AppLocker Software Control GPO, then click OK.
Deploy (on DCSrv2012) AppLocker Script Rules using Default Rules.
1. On the Group Policy Management window, right-click AppLocker Software Control GPO, and then click Edit.
2. Once the Group Policy Management Editor opens, double-click Computer Configuration, expand Policies, expand Windows Settings, expand Security Settings, expand Application Control Policies, and then expand AppLocker.
3. Right-click Script Rules, then click Create Default Rules.
4. Once Create Default Rules has completed, click AppLocker, and then in the right pane, click Configure rule enforcement.
5. Next, in the AppLocker Properties box, under Script rules, select the Configured check box, and then from the drop-down menu, select Audit only.
6. Next, in the Group Policy Management Editor, go to System Services, and then double-click Application Identity, click Define this policy setting, under Select service startup mode, click Automatic, and then click OK.
7. Next, log in to your Windows 8 client (mine is Clt01.msita.local), open Command Prompt, type gpupdate /boot /force and press Enter. Then type gpresult /r to check the result of the command and ensure that AppLocker Software Control GPO is displayed under Computer Settings, Applied Group Policy Objects.
8. Next, still on the Windows 8 client, run Script_Rules.bat. Its function is to create a new folder on C:\.
9. It looks like my batch file can run. Now open Event Viewer on your Windows 8 client and let's see what information is available there.
** In the Event Viewer window, under MSI and Script, you will see a few 8005 events that contain the following text: %OSDRIVE%\USERS\ADMINISTRATOR\DESKTOP\SCRIPT_RULES.BAT was allowed to run.
10. Check C:\ and view the result.
11. On the Domain Server, open AppLocker Software Control GPO and browse to Computer Configuration/Policies/Windows Settings/Security Settings/Application Control Policies/AppLocker. Click Script Rules, and then in the right pane, double-click Allow. In the Allow Properties box, click Deny and click OK to proceed. Repeat the step for the next Allow.
12. Next, on the Windows 8 client, in the command prompt, type gpupdate /boot /force and press Enter.
13. On the AppLocker server, in the AppLocker Properties box, under Script rules, select the Configured check box, and then from the drop-down menu, select Enforce rules.
14. Next, on the Windows 8 client, in CMD, run Script_Rules.bat and view the result.
15. Open Event Viewer on the Windows 8 client, and you should see Event ID 8007, an error stating that %OSDRIVE%\USERS\ADMINISTRATOR\DESKTOP\SCRIPT_RULES.BAT was prevented from running.
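
The checks made in steps 7, 9 and 15 can also be run from an elevated PowerShell prompt on the client. This is an added example, not part of the original lab: the script path is assumed from the event text quoted above, and event 8006 (the audit-only "would have been blocked" event) is included although the walkthrough does not mention it.

```powershell
# Added example: verify the lab result on the Windows 8 client (Clt01).
# Assumption: script location taken from the event text in the walkthrough.
$ScriptPath = "$env:SystemDrive\Users\Administrator\Desktop\Script_Rules.bat"
$LogName    = 'Microsoft-Windows-AppLocker/MSI and Script'

# 1. AppLocker only evaluates rules while the Application Identity service
#    is running, so confirm the GPO from step 6 set it to start automatically.
Get-CimInstance -ClassName Win32_Service -Filter "Name='AppIDSvc'" |
    Select-Object Name, State, StartMode

# 2. Enforcement mode of the Script rule collection in the effective policy
#    (AuditOnly after step 5, Enabled after step 13).
[xml]$policy = Get-AppLockerPolicy -Effective -Xml
$policy.AppLockerPolicy.RuleCollection |
    Where-Object { $_.Type -eq 'Script' } |
    Select-Object Type, EnforcementMode

# 3. Ask the policy engine which rule matches the test script and what it decides.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path $ScriptPath -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 4. Pull the same events the walkthrough reads in Event Viewer.
$meaning = @{
    8005 = 'allowed to run'
    8006 = 'audit only: would have been blocked under Enforce rules'
    8007 = 'prevented from running'
}
Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 8005, 8006, 8007 } `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*SCRIPT_RULES.BAT*' } |
    Select-Object TimeCreated, Id,
        @{ Name = 'Meaning'; Expression = { $meaning[[int]$_.Id] } },
        Message |
    Format-List
```

Running it once after step 9 and again after step 14 shows the change from audit to enforcement without opening Event Viewer.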