Microsoft AppLocker not Software Restriction Policies
AppLocker is a tool which allows administrators to specify what applications can run on a computer in their enterprise. It is deployed using group policy templates which makes it very easy to maintain and update. The technology is set to replace legacy software restriction polices which is great with me. Its like comparing a Ford Model-T to a Mustang Shelby.
How does it work
Instead of identifying applications simply by the filename, which is how software restriction policies work, there are three ways to do it. First is by publisher, which requires the application to be digitally signed. Second is by path where the application is located. And third is using a file hash.
You can target executables, scripts, dll’s and even Windows Store apps. Yes that’s right, store apps. So for those of you that have emailed me asking how to manage apps from the Windows 8 app store this podcast’s for you!