White listing application for terminal server lockdown policy using SRP - GPO

  • White listing application for terminal server lockdown policy using SRP - GPO

    Hi All,

    I'd like to know what the best way is to securely lock down binaries in Windows Server 2008 R2,
    so that only certain applications that are whitelisted can run and the others cannot (whitelisting).

    Should I configure it using AppLocker through Local GPO, or using SRP?

    At the moment my GPO is handled by Windows Server 2003, therefore I cannot find the AppLocker setting, but then how do I manually allow certain binaries only,

    without having to click and type hundreds of other binaries / exe? E.g. a PowerShell script?

    *This policy by default is not secure: if the attacker puts the binaries inside Program Files, then this policy is useless?*

    Any kind of help would be greatly appreciated.

    Thanks,

    AWT
    Last edited by Albertwt; 25th May 2010, 08:58.

  • #2
    Re: White listing application for terminal server lockdown policy using SRP - GPO

    I would go for AppLocker since it "replaces" Software Restriction Policy...
    http://technet.microsoft.com/en-us/l...41(WS.10).aspx

    You can try importing the ADM files from the Windows 2008 server.
    http://technet.microsoft.com/en-us/m...01.layout.aspx

    I haven't tested it, but I have done this multiple times in the past.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl



    • #3
      Re: White listing application for terminal server lockdown policy using SRP - GPO

      Originally posted by Dumber
      I would go for AppLocker since it "replaces" Software Restriction Policy...
      http://technet.microsoft.com/en-us/l...41(WS.10).aspx

      You can try importing the ADM files from the Windows 2008 server.
      http://technet.microsoft.com/en-us/m...01.layout.aspx

      I haven't tested it, but I have done this multiple times in the past.

      Thanks for your reply, Mr. Dumber.

      Because at the moment it is too ridiculous to manually list them one by one, even by creating a script to list all the original exe files inside C:\Windows and C:\Program Files.

      Let me try this and get back to you soon.
