Archive for the ‘AppLocker’ Category

Microsoft news in June 2019

June 20, 2019

So far June has been a busy month for Microsoft. A few of the recent announcements I want you to know about:

Microsoft Azure Bastion – private and fully managed RDP and SSH access to virtual machines (blog)

AaronLocker performance and feature updates (blog)

Microsoft Hyper-V Server 2019 available for download (ISO)

Sysinternals updates
    – Sysmon v10.01 – adds support for DNS query logging
    – Autoruns for Windows v13.95 – adds support for user Shell folders redirections

Windows To Go (WTG) – Feature Deprecation in Windows 10 1903

PowerShell v7.0.0-preview.1 Release

Azure Multi-Factor Authentication Server goes Cloud-Only – As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments.

Microsoft Edge Insider Channels receives update on Canary channel – brings preview for Windows 7, Windows 8, Windows 8.1 and macOS (*)

SCCM Client extension for Windows Admin Center (more info) (*)

Windows Insider Lab Kit (Olympia v2) updated to version 5.7 (*)

Windows and Office Deployment Lab Kit updated to version 1903 (*)

* added after initial blog post

AaronLocker – automate AppLocker configuration

February 25, 2019

AppLocker is an application whitelisting security feature that became available in Windows 7 and Windows Server 2008 R2. With Windows 10 and Windows Server 2016, Microsoft decided to rebrand it to Windows Defender Application Control, or WDAC for short. Other than the rebranding, AppLocker didn’t receive any major improvements. In most of the management tools you will still find it under the AppLocker name.

If you want to learn more about it, I recommend checking out the official documentation.

If you or your company is using a Windows Enterprise or Education client operating system, then you should look at setting up AppLocker. The implementation itself doesn’t take much time, but it can drastically improve the overall security of a Windows environment. In Windows 10 and Windows Server 2016, AppLocker represents one part of a multi-layer defense strategy.

To ease the implementation, Aaron Margosis put together a set of PowerShell scripts, including detailed documentation, called AaronLocker. AaronLocker helps you automate most of the tasks needed to implement and maintain AppLocker.

A few of the nice-to-have features are:

– Selective scan of any folder and subfolders with rule merge
– Additional rules for domain-joined PCs
– Find user writable paths and set exclusions
– Exclude sensitive built-in Windows programs that are rarely used by non-admins
– Policy report in Excel
– Audit and Enforce policy
– Audit/Enforce summary reporting from AppLocker Logs in Event Viewer
– Reporting supports forwarded events with Event Forwarding (How-to in the documentation)
– Detailed documentation including how to implement Pilot / Broad / Production phases

You can learn more about AaronLocker from the documentation available on the GitHub portal. If you prefer video content, you can also check out two YouTube videos: the first one introduces the solution and the second one is a quick start.
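To make the audit-then-enforce workflow from the feature list concrete, here is an added example (not part of the original post and not AaronLocker's own code) that summarises AppLocker audit and block events from the local event logs using only the built-in `Get-WinEvent` cmdlet. The seven-day window, the top-25 cut-off and the user-profile flag are assumptions chosen for illustration.

```powershell
# Added example: summarise what AppLocker would block (audit mode) or did block
# (enforce mode) on this machine. Uses only built-in cmdlets.

$logs = 'Microsoft-Windows-AppLocker/EXE and DLL',
        'Microsoft-Windows-AppLocker/MSI and Script'

# 8003 / 8006 = allowed but would be blocked if enforced (audit mode)
# 8004 / 8007 = blocked (enforce mode)
$auditIds = 8003, 8006
$blockIds = 8004, 8007

# Assumption: a seven-day look-back is enough for a pilot review.
$since = (Get-Date).AddDays(-7)

$events = foreach ($log in $logs) {
    # SilentlyContinue: a log with no matching events raises a non-terminating error.
    Get-WinEvent -FilterHashtable @{
        LogName   = $log
        Id        = $auditIds + $blockIds
        StartTime = $since
    } -ErrorAction SilentlyContinue
}

$rows = foreach ($e in $events) {
    # AppLocker events carry their details under UserData/RuleAndFileData.
    $d = ([xml]$e.ToXml()).Event.UserData.RuleAndFileData
    [pscustomobject]@{
        Mode          = if ($e.Id -in $auditIds) { 'Audit' } else { 'Enforce' }
        Policy        = $d.PolicyName   # EXE, DLL, MSI, SCRIPT
        FilePath      = $d.FilePath
        Publisher     = $d.Fqbn         # '-' when the file is unsigned
        UserSid       = $d.TargetUser
        # Assumption: paths under the user profile are worth reviewing first,
        # because standard users can usually write there.
        InUserProfile = $d.FilePath -like '%OSDRIVE%\USERS\*'
    }
}

# Most frequent paths first: these are the candidates for a new rule
# (or for investigation) before switching the policy from Audit to Enforce.
$rows |
    Group-Object Mode, Policy, InUserProfile, FilePath |
    Sort-Object Count -Descending |
    Select-Object -First 25 Count, Name |
    Format-Table -AutoSize -Wrap
```

Run it on a pilot machine after the policy has been in audit mode for a while; an empty result means no event in the window matched these IDs.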