rss
twitter
    Find out what I'm doing, Follow Me :)

Block any app, trialed by chrome

Posted by shas convicted on Tuesday, March 19, 2013 Labels: , , ,

block Google chrome using applocker


Hai, here i am going to share with you the tricks to block applications using security policy

Step 1. Edit the Group Policy Object that is targeted to the computer you want to apply this policy. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Application Control Policies and then click on “Configure rule enforcement”

image
Step 2. Under Executable rules tick “Configured” and select the “Enforce rules” option from the pop-down menu then click “OK”.
image
Step 3. Right click on “Executable Rules” and click on “Create New Rule..”
image
Step 4. Click “Next”
image
Step 5. Select “Deny” and then click “Next”
image
Step 6. Select “Publisher” condition and click “Next”
Note: The “Path” and “File hash” option are the same condition as was available in a software restriction policy that was in Windows XP and Vista.
image
Step 7. Click on “Browse”
image 
Step 8. Select the “chrome.exe” executable file and click “Open”
image
Step 9. In this example we are just going to accept the defaults and click “Next”.
Optional: If you wanted to just block a particular version of browser (or program) or just any version below a certain number tick “Use custom values” and then enter the version number in the “File version” field and select “And Below” from the pop-down menu.
image  
 Step 10: Click “Next”
image 
Step 11: Click “Create”
image 
Step 12: You will now be prompted to create some default rules that ensure that you don’t accidently stop Windows from working. Click “Yes” to this if you don’t already have these rules created.
image 
Step 13 (Optional): If you also want this AppLocker rule to apply computer administrators then right-click on the “BUILTIN\Administrators” rule and click “Delete”
image
Step 14 (Optional): Click “Yes”
image
You AppLocker Rules are now setup and should now look like this…
 image
Now there is one more thing you need to do to enable AppLocker on the computer…
Step 15. In the same Group Policy Object you were just editing navigate to Computer Configuration > Policies > Windows Settings > Security Settings > System Services and double click on the “Application Identity” service.
Note: This is the process that scan’s all the file before they are executed to check the name, hash or signature of the executable before it is run. If this is not turned on then AppLocker will simple now work.
image
Step 16: Tick “Define this policy setting” and tick “Automatic” then click “OK”
image
The services section should now look like this…
image
Your all done… Now when the user tries to run an un-approved browser (or program) they will be presented to this dialogue box…
image
Now if you want to make sure you have covered all the bases below is a an image of the AppLocker rules configured with a few more denied browsers…
image

0 comments:

Post a Comment