通讯！Windows生态系统：限制用户的应用程序

Windows ecosystem generally works with 3 party applications easily while installing and running them. This creates some risk especially for the novice users. Windows administrators generally want to restrict users applications and executables to make their operating system more secure.

(资料图片仅供参考)

Windows生态系统通常可以在安装和运行3方应用程序时轻松使用。 尤其是对于新手用户，这会带来一些风险。 Windows管理员通常希望限制用户的应用程序和可执行文件，以使其操作系统更安全。

Windows recently launched a feature named AppLocker. As its name suggests it simply restricts the executables and applications those can run on the system or user account.

Windows最近启动了名为AppLocker的功能。 顾名思义，它只是限制了可以在系统或用户帐户上运行的可执行文件和应用程序。

特征 (Features)

Applocker provides different restrictions according to following situations.

Applocker根据以下情况提供不同的限制。

Which user have access to the application?哪个用户有权访问该应用程序？ Which users can install new application?哪些用户可以安装新应用程序？ Which application versions can be installed?可以安装哪些应用程序版本？ How to audit licensed application?如何审核许可的申请？

白名单申请 (White Listing Application)

In security world there is very popular technique named While Listing. A list of software that is secure and approved is created and only this list or inventory includes applications can be installed in to the systems. Other applications are prohibited from installed unless not excepted.

在安全世界中，有一种非常流行的技术，称为While Listing。 将创建一个安全且已批准的软件列表，并且只有此列表或清单中包含应用程序的软件才能安装到系统中。 除非没有其他限制，否则禁止安装其他应用程序。

建立规则 (Create A Rule)

Now action starts. We will create a rule to give permission to an application to run on the windows system.

现在开始行动。 我们将创建一个规则，以授予在Windows系统上运行的应用程序权限。

打开本地组策略编辑器 (Open Local Group Policy Editor)

The new rules will be created with Local Group Application Editor. So we will open this editor easily by running following command in Windows run.

将使用“本地组应用程序编辑器”创建新规则。 因此，我们将通过在Windows run中运行以下命令来轻松打开此编辑器。

gpedit.msc

打开创建新规则表格 (Open Create New Rule Form)

We will navigate to the Applocker section with Computer Configuration-> Windows Settings-> Security Settings-> Application Control Policies

我们将通过Computer Configuration-> Windows Settings-> Security Settings-> Application Control Policies导航到Applocker部分

Open Create New Rule Form打开创建新规则表格

点击下一步(Click Next)

Nothing else matters 😉

没关系matters

Click Next点击下一步

决定行为(Decide Behaviour)

We should decide the behaviour of the executable in this page. We simply allow application. Also we can select the users the rules will be applied. In this situations by  default Everyone

我们应该在此页面中确定可执行文件的行为。 我们只允许申请。 我们也可以选择将应用规则的用户。 在这种情况下，默认情况下Everyone

Decide Behaviour决定行为

提供可执行规则条件(Provide Executable Rule Condition)

One of the most important part is this step. We will define and identify the application we want to rule. There is 3 type of identification technique.

最重要的部分之一是此步骤。 我们将定义并标识我们要统治的应用程序。 识别技术有3种类型。

Publisherinformation is gathered from executable verified Published meta data.

Publisher信息是从可执行的经过验证的发布元数据中收集的。

Pathinformation is simply from which location the executable resides.

Path信息只是可执行文件所在的位置。

File hashis a unique value describes the application

File hash是描述应用程序的唯一值

LEARN MORE  How To Prevent SQL Injection in Php Applications?

了解更多信息如何防止在PHP应用程序中进行SQL注入？

We will use file hash in this example.

在此示例中，我们将使用文件哈希。

Provide Executable Rule Condition提供可执行规则条件

指定可执行文件(Specify Executable File)

In this step we will select executable files one by one or by specifying the directory the executables located. As an example we have selected 7zapplication. These files hashes will be calculated automatically and stored in the created rule.

在这一步中，我们将一一选择可执行文件，或者通过指定可执行文件所在的目录来选择可执行文件。 作为示例，我们选择了7z应用程序。 这些文件哈希将自动计算并存储在创建的规则中。

Specify Executable File指定可执行文件

提供规则名称和描述(Provide Rule Name and Description)

As the rule vault grows and become bigger management of these rules become a nightmare. So we should select a name which is identifiable. Also we can put some description about rule.

随着规则库的增长和扩大，对这些规则的管理成为一场噩梦。 因此，我们应该选择一个可识别的名称。 我们也可以对规则进行一些描述。

Provide Rule Name and Description提供规则名称和描述

And click to Createbutton on the left bottom side.

然后单击左下方的Create按钮。

创建默认规则 (Create Default Rules)

After click create we will get a warning stating that in order to prevent unexpected problems we should add default rules which are used to give required permissions to the Everyone and builtin administrators.

单击“创建”后，我们将收到一条警告，指出为防止意外问题，我们应添加默认规则，这些规则用于向所有人和内置管理员提供必需的权限。

Create Default Rules创建默认规则

After clicking Yesfollowing rule list will appear

单击“ Yes后，将显示以下规则列表

Rule List规则清单

通过执行启用Applocker规则(Enable Applocker Rules With Enforcement)

We have created our rule but is it enabled and works as we expect? Not because we should enable the AppLocker rules from its properties.

我们已经创建了规则，但是该规则已启用并且可以按预期工作吗？ 不是因为我们应该从其属性启用AppLocker规则。

打开Applocker属性 (Open Applocker Properties)

We can open Applocker properties window like below.

我们可以打开如下所示的Applocker属性窗口。

启用规则 (Enable Rules)

We will just enable Configuredcheckbox of Executable ruleslike below and then select Enforce rulesand click Apply .

我们将仅启用如下所示的“ Executable rulesConfigured复选框，然后选择“ Enforce rules并单击“ Apply。

I suggest you that for the first time for a little time select Auditonly. This will not enforce rules but create logs about the rules and give hints how it works and prevent accidents and lockdown.

我建议您第一次选择“仅Audit。 这不会强制执行规则，但会创建有关规则的日志，并提示它如何工作并防止事故和锁定。