Monthly Archives: October 2011

How to configure AppLocker Group Policy to prevent software from running


In the name of God, the Most Gracious, the Most Merciful

First: What is AppLocker?

AppLocker is a set of Group Policy settings that evolved from Software Restriction Policies, to restrict which applications can run on a corporate network, including the ability to restrict based on the application’s version number or publisher.

  • Click Start – All programs – Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand Computer Configuration – Policies – Windows Settings – Security Settings – Application Control Policies – AppLocker.
  • In the right pane, click Configure rule enforcement.

Note:

  1. Executable rules: .exe, .com
  2. Windows Installer rules: .msi, .msp
  3. Script rules: .ps1, .bat, .cmd, .vbs, .js

  • Under Executable rules, check the Configured box, select Enforce rules, then click OK.
  • In the left pane under AppLocker, right-click Executable Rules, then select Create New Rule.
  • Select Deny and select the user or group to block.

Note:

Publisher rules: This condition identifies an application based on its digital signature and extended attributes. The digital signature contains information about the company that created the application (the publisher). The extended attributes, which are obtained from the binary resource, contain the name of the product that the application is part of and the version number of the application.

Path rules: This condition identifies an application by its location in the file system of the computer or on the network.

File hash: An application that is not digitally signed can be restricted by a file hash rule instead of a publisher rule.

  • Select Publisher and click Next

  • Click browse then select executable file example.exe
  • Choose how specific the block should be (any publisher, publisher, product name, file name or file version), then click Next.

  • Read it and click Next
  • Click Create.
  • You will now be prompted to create some default rules that ensure that you don’t accidentally stop Windows from working. Click “Yes” to this if you don’t already have these rules created.

Note:

If you want this rule to apply to computer administrators as well, right-click the BUILTIN\Administrators rule and click Delete.

Now we will activate the Application Identity service to enable AppLocker on the computers.

  • In the same Group Policy Object you were just editing, expand Computer Configuration – Policies – Windows Settings – Security Settings – System Services.
  • Right-click the Application Identity service, then click Properties.
  • Check the Define this policy setting box, select Automatic, then click OK.

Now when a user tries to run the program, they will get this:
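One way to confirm from PowerShell that the rule created above is in force on a client, as an added example that is not part of the original post. The path to example.exe and the user name are placeholder assumptions.

```powershell
# Added example: verify an AppLocker deny rule after the GPO has applied.
# Run in an elevated PowerShell session on the client computer.
Import-Module AppLocker

$TargetPath = 'C:\Program Files\Example\example.exe'   # placeholder path (assumption)
$TestUser   = 'Everyone'                                # user or group to evaluate (assumption)

# 1. AppLocker rules are only enforced while the Application Identity service runs.
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "AppIDSvc is $($svc.Status); AppLocker rules are not being enforced."
}

# 2. Show the enforcement mode of every rule collection in the effective policy.
#    'Enabled' corresponds to "Enforce rules"; 'AuditOnly' only logs.
$policy = Get-AppLockerPolicy -Effective
$policy.RuleCollections | ForEach-Object {
    [pscustomobject]@{
        Collection  = $_.RuleCollectionType
        Enforcement = $_.EnforcementMode
        RuleCount   = $_.Count
    }
} | Format-Table -AutoSize

# 3. Ask AppLocker how it would decide for this file and this user.
#    PolicyDecision is Allowed, Denied or DeniedByDefault.
$policy |
    Test-AppLockerPolicy -Path $TargetPath -User $TestUser |
    Format-List FilePath, PolicyDecision, MatchingRule

# 4. List recent block events (ID 8004) from the AppLocker EXE and DLL log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8004
} -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

A PolicyDecision of DeniedByDefault means no allow rule matched at all, which usually points to missing default rules rather than to the deny rule.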

Reference:

http://www.grouppolicy.biz/2010/04/how-to-configure-applocker-group-policy-in-windows-7-to-block-third-party-browsers/comment-page-1/#comment-3615

http://www.windows7library.com/blog/security/applocker-part-2-understanding-applocker-rules/


How to force proxy settings via group policy


In the name of God, the Most Gracious, the Most Merciful

This article describes how to force proxy settings via group policy.

  • Click Start – All programs – Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand User Configuration – Policies – Windows Settings – Internet Explorer Maintenance – Connection.
  • In the right pane, open Proxy Settings.

For security reasons, an administrator may need to prevent end users from changing their proxy settings.

You can do this with Group Policy by following these steps:

  • Click Start – All programs – Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand Computer Configuration – Administrative Templates – Windows Components – Internet Explorer – Internet Control Panel.
  • In the right pane, set Disable the Connections page to Enabled.

How to Find the MAC Address


In the name of God, the Most Gracious, the Most Merciful

This article describes a quick method to find the MAC (Media Access Control) address.

1- What is a MAC address?

A Media Access Control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment.

2- What is ARP?

Address Resolution Protocol (ARP) is the protocol that maps Ethernet MAC addresses to IP addresses.

To determine the MAC address of a computer:

Start – Run – type ARP -a (local computer IP)

Note: If you do not specify the IP, the command will give you the MAC addresses for the whole subnet.

World’s biggest clock in Mecca


In the name of God, the Most Gracious, the Most Merciful

Saudi Arabia is hopeful they’re going to set a new time standard, the Mecca time, which will rival Greenwich Mean Time. The clock is located very centrally in the city, close to the (Al-Masjid al-Ḥarām)

More Information:

http://en.wikipedia.org/wiki/Abraj_Al_Bait_Towers

http://en.wikipedia.org/wiki/List_of_biggest_clock_faces

How to (Enable or Disable) Remote Desktop via Group Policy Windows 2008


In the name of God, the Most Gracious, the Most Merciful

1- We can use a Group Policy setting to (enable or disable) Remote Desktop

  • Click Start – All programs – Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand Computer Configuration – Administrative Templates – Windows Components – Remote Desktop Services – Connections.
  • Allow users to connect remotely using Remote Desktop Services (enable or disable)

2- We can use Group Policy Preferences to (enable or disable) Remote Desktop

  • Click Start – All programs – Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand Computer Configuration – Preferences – Windows Settings.
  • Right-click Registry – New – Registry Item.
  • General Tab.
  • Action: Update
  • Hive: HKEY_LOCAL_MACHINE
  • Key path: SYSTEM\CurrentControlSet\Control\Terminal Server
  • Value name: fDenyTSConnections
  • Value type: REG_DWORD
  • Value data: 00000000 enable OR 00000001 disable
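A check for which of the two methods is actually controlling Remote Desktop on a computer, as an added example that is not part of the original post. Get-RdpPolicyState is a hypothetical helper name, and the Policies key is the location the Administrative Template setting from method 1 writes to.

```powershell
# Added example: report the Remote Desktop state set by either method above.
function Get-RdpPolicyState {
    # Value written by method 2 (Group Policy Preferences registry item).
    $systemKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    # Value written by method 1 (Administrative Template policy setting).
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Return fDenyTSConnections as an integer, or $null when it is not set.
    $read = {
        param($key)
        $item = Get-ItemProperty -Path $key -Name fDenyTSConnections `
                                 -ErrorAction SilentlyContinue
        if ($null -ne $item) { [int]$item.fDenyTSConnections } else { $null }
    }
    $system = & $read $systemKey
    $policy = & $read $policyKey

    # When the policy value exists it takes precedence over the system value.
    if ($null -ne $policy) { $effective = $policy; $source = 'Policy (method 1)' }
    else                   { $effective = $system; $source = 'Registry value (method 2 or local setting)' }

    if     ($effective -eq 0) { $state = 'Enabled' }
    elseif ($effective -eq 1) { $state = 'Disabled' }
    else                      { $state = 'Unknown' }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        SystemValue   = $system
        PolicyValue   = $policy
        DecidedBy     = $source
        RemoteDesktop = $state
    }
}

Get-RdpPolicyState | Format-List
```

If PolicyValue and SystemValue disagree, two GPOs are setting Remote Desktop in opposite directions and the Administrative Template setting wins.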