Server Admin I Unit 8.9 App Restriction Policies Flashcards

1
Q

Software Restriction Policies

A

Policies that allow an organization to control the applications that run on the computers in their environment.

2
Q

Default Software Restriction Policies

A

There are no default policies. .exe files run based on NTFS file permissions.

3
Q

Three Software Restriction “Security Levels”

A
  1. Unrestricted
  2. Disallowed
  3. Basic User
4
Q

Unrestricted “Security Level”

A

All applications are allowed to run, except those specifically excluded.

5
Q

Disallowed “Security Level”

A

All applications are prohibited, except those specifically excluded.

6
Q

Basic User

A

All applications that standard users can run are allowed. All apps that require admin privilege are not allowed.

7
Q

Four Software Restriction Rules

A
  1. Hash
  2. Certificate
  3. Network Zone
  4. Path
8
Q

Hash Software Restriction Rule (2)

A
  1. Uses digital fingerprint (hash file) to ID and restrict software usage.
  2. Very narrow in scope, can be defeated by using a different software version.
9
Q

Certificate Software Restriction Rule (3)

A
  1. Uses digital signature (certificate) of the software's publisher.
  2. Applies to all applications from specific publisher.
  3. Considered too broad in scope at times.
10
Q

Network Zone Software Restriction Rule

A

Condition specifies where the application originated. Includes: Internet Zone, Intranet Zone, Restricted Sites, Trusted Sites, and Local Computer Zone.

11
Q

Path Software Restriction Rule (4)

A
  1. Condition specifies a folder, file or a wildcard of files to restrict or allow execution.
  2. Path conditions are least secure of all software restriction conditions.
  3. When using Path, use NTFS to prevent users from copying .exe’s to locations outside the scope of the path condition.
  4. If a folder is specified, restriction applies to all programs within the folder.
12
Q

Applocker

A

Application Control Policies introduced with Windows 7 and WinServer’08 R2.

13
Q

Benefits to Applocker over Software Restrictions (5)

A
  1. Wizard can recommend rules based on folder contents.
  2. Policies can be applied to specific users or groups.
  3. Policies can be applied to all versions of an app.
  4. Exceptions can be included in policies.
  5. Allows flexibility in identifying software to block.
14
Q

Applocker Rule Types (4)

A
  1. Executable
  2. Windows Installer
  3. Script
  4. Packaged App
15
Q

Executable Applocker Rule (2)

A
  1. Applies to files with .exe and .com extensions.
  2. Initial scope of the rule is Everyone.

16
Q

Windows Installer Applocker Rule

A

Applies to .msi and .msp file extensions.

17
Q

How can the Windows Installer Applocker Rule control software installation (3)

A
  1. Based on presence of digital signature.
  2. Based on user of software (can be combined with digital signature requirement)
  3. Software or Software Updates via Group Policy
18
Q

Script Applocker Rule

A

Applies to .ps1, .bat, .cmd, .vbs, and .js file extensions.

19
Q

Packaged App Applocker Rule

A

Applies to Windows apps (.appx) purchased through the Windows Store and can be used only on Windows 8.

20
Q

Applocker Rule Conditions (3)

A
  1. Publisher
  2. Path
  3. Hash
21
Q

What service must be started to use Applocker

A

Application Identity Service (AppIDSvc)

22
Q

Applocker Soft Enforcement

A

Auditing mode that Applocker uses to monitor application events, software is still allowed to run. Applies to all rules within a specific type.

23
Q

What information is saved in the Applocker Event Log (4)

A
  1. Rule name
  2. SID of the user or group
  3. File and path of the restricted or permitted application
  4. Rule type or condition used.
24
Q

What two things need to be done to allow Applocker to be used?

A
  1. Create default rules so the OS will be allowed to run.
  2. Set rules to Enforce.

25
Q

To apply Group Policy Preferences to pre-Windows 7 clients, what do you need?

A
  1. Download and install client-side extensions (CSEs).
  2. Use Group Policy to roll out CSEs to clients.