tailieunhanh - Configuring Windows 7 (Training Kit) - Part 31
This training kit is designed for IT professionals who operate in enterprise environments that use Windows 7 as a desktop operating system. You should have at least one year of experience in the IT field, as well as experience implementing and administering any Windows client operating system in a networked environment.

Lesson 2: Managing AppLocker and Software Restriction Policies (Chapter 5, page 273)

FIGURE 5-12 Software Restriction Policy security levels

Enforcement

You can use the Enforcement Properties policy, shown in Figure 5-13, to specify whether Software Restriction Policies apply to all software files except libraries, such as DLLs, or to all software files including DLLs. If the default level is set to Disallowed and you configure the enforcement policies to apply to all software files, you need to configure rules for all the DLL files used by a program to use that program. Microsoft recommends that you do not include DLLs unless you are managing computers in a highly secure environment. This is primarily because managing rules for DLLs adds significantly to the amount of work that an administrator has to undertake to maintain Software Restriction Policies successfully.

FIGURE 5-13 Software Restriction Policy enforcement

You can use the Enforcement policy to apply Software Restriction Policies to all users or to all users except for members of the local administrators group. You can also use this policy to specify whether certificate rules will be enforced or ignored. The drawback to enforcing certificate rules is that it can degrade a computer's performance significantly.

Designated File Types

The Designated File Types policy, shown in Figure 5-14, allows you to determine which file extensions should be recognized as executable files and hence fall under the influence of Software Restriction Policies. Using the Add and Remove buttons, administrators modify the list of application extensions that are managed by Software Restriction Policies. Although an administrator is able to modify this list, she cannot remove the standard executable extensions such as .com, .exe, and .vbs. These extensions are always recognized as executable.

FIGURE 5-14 Designated File Types

Path Rules

Path rules, shown in Figure 5-15, allow you to specify a file, folder, or registry key as the target of a Software Restriction .
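
The Enforcement and Designated File Types settings described above can be audited from PowerShell. The script below is an added example, not code from the training kit. It assumes that Group Policy stores these settings under the registry key and value names shown; the baseline extension list and the sample values are constructed for illustration.

```powershell
# Added example (not from the training kit): audit Software Restriction Policy enforcement.
# Assumption: Group Policy writes the settings to this key under these value names.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-SrpSettings {
    # Read the live policy into a hashtable; returns $null when no SRP is configured.
    $p = Get-ItemProperty -Path $SrpKey -ErrorAction SilentlyContinue
    if (-not $p) { return $null }
    $h = @{}
    foreach ($n in 'DefaultLevel', 'TransparentEnabled', 'PolicyScope',
                   'AuthenticodeEnabled', 'ExecutableTypes') { $h[$n] = $p.$n }
    return $h
}

function Test-SrpEnforcement {
    param(
        [Parameter(Mandatory)] [hashtable] $Settings,
        # Hypothetical baseline of extensions the organisation wants designated.
        [string[]] $RequiredTypes = @('BAT', 'CMD', 'HTA', 'MSI', 'SCR')
    )
    $findings = New-Object System.Collections.Generic.List[string]
    $disallowed = $Settings.DefaultLevel -eq 0      # 0 = Disallowed, 0x40000 = Unrestricted
    switch ($Settings.TransparentEnabled) {         # which software files are checked
        0 { $findings.Add('Enforcement is off: no software files are checked.') }
        1 { $findings.Add('DLLs are exempt from enforcement.') }
        2 { if ($disallowed) {
                $findings.Add('Default level Disallowed with DLL enforcement: every DLL a program loads needs a rule.') } }
    }
    if ($Settings.PolicyScope -eq 1) {              # 0 = all users, 1 = all except local admins
        $findings.Add('Members of the local administrators group are exempt from the policy.')
    }
    if ($Settings.AuthenticodeEnabled -eq 1) {
        $findings.Add('Certificate rules are enforced: expect a performance cost.')
    }
    foreach ($ext in $RequiredTypes) {              # Designated File Types (stored without the dot)
        if ($Settings.ExecutableTypes -notcontains $ext) {
            $findings.Add(".$ext is not a designated file type, so path and hash rules ignore it.")
        }
    }
    return $findings
}

# Constructed sample values; on a managed machine use: Test-SrpEnforcement -Settings (Get-SrpSettings)
$sample = @{
    DefaultLevel = 0; TransparentEnabled = 2; PolicyScope = 1; AuthenticodeEnabled = 1
    ExecutableTypes = @('BAT', 'CMD', 'COM', 'EXE', 'MSI')
}
Test-SrpEnforcement -Settings $sample
```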