Filter
Top Products
Protect Workers and Infrastructure
People who run unauthorized software often experience a higher incidence of malware infections and
generate more help desk calls. We understand how dif cult it can be for IT departments to make sure that
user PCs are running only approved, licensed software. With Windows 7, you’ll get even greater control
over which applications can run on PCs.
AppLocker
In Windows 7, we’ve enhanced application control policies with AppLocker, a exible and easily adminis-
tered mechanism with which you can specify exactly what is allowed to run on user PCs. As a result, you’ll
be able to standardize applications for better
security and operations.
AppLocker provides simple, powerful,
rule-based structures for specifying which appli-
cations can run, so you get the exibility you
need in determining which users can run which
applications, installation programs, and scripts.
AppLocker also introduces publisher rules that
are based on an application’s digital signature,
which makes it possible to build rules that
survive application updates. For example, you
could create a rule to “allow all versions greater
than 9.0 of the program Acrobat Reader to run
if it’s signed by the software publisher Adobe.”
In this way, when Adobe updates Acrobat, you
can safely deploy the application update with-
out having to build another rule for the new
version of Acrobat.
With the Audit Only Enforcement Mode
setting, you can determine which applica-
tions are used in an organization and test
rules before deploying them. When the
AppLocker policy for a rule collection is set
to Audit Only, rules for that rule collection
are not enforced. However, before applica-
tions are deployed, you can import rules
into AppLocker and test them using the
Audit Only enforcement mode.
AppLocker showing
executable rules.
AppLocker summary