
Thursday, January 7, 2010

Restricting Access to Programs with AppLocker in Windows 7

Using AppLocker
To access the Group Policy Editor and create rules in AppLocker, you'll need to be logged in as Administrator. Click on Start, type gpedit.msc into the search box and hit Enter.
Under Local Computer Policy go to Computer Configuration \ Windows Settings \ Security Settings \ Application Control Policies \ AppLocker.
Now you will see the overall controls for the applications.
Under Configure Rule Enforcement click on the Configure rule enforcement link.
Now under AppLocker Properties check the box next to Configured under Executable rules, then click OK.
Blocking Apps from Running
In this scenario, Jack wastes time playing games like Minesweeper and Solitaire when he should be doing his homework, so we are going to block all of the games. After completing the steps above, under the Overview section click on Executable Rules.
Since this is your first time accessing AppLocker, there will be no rules listed. Right-click and select Create New Rule…
This opens the Create Executable Rules wizard, and you can choose not to show the introduction screen the next time you access it.
Select Permissions, and under Action select Deny.
Add the user you want to block; in this case it's Jack.
After you've selected the Deny action and selected the user, continue to the next step.
In Conditions you can select from Publisher, Path or File hash. We don't want Jack to have access to any of the games, so we will select Path.
Click on Browse Folders and select the Microsoft Games folder.
In the next screen you could add Exceptions, such as allowing certain files, but because we are blocking the entire games directory we'll skip to the next screen.
Here you can add a description to the rule so you can keep track of them if there are several rules configured. When everything looks right, click on Create.
A message pops up saying default rules haven't been created yet. It is important to make sure they are created, so click Yes to this message.
Now you will see the default rules and the new one you created, showing that Jack is denied access to the Microsoft Games directory.
After creating the rule, go into Services and make sure Application Identity is started and that it's set to start automatically as well; otherwise the rules won't work. By default this service is not started, so you will need to enable it.
Now, when Jack logs into his user account and tries to access the games, he will only see the following message. Only an Administrator can go in and change the rule.
Conclusion
Use caution when configuring the rules, and only start the Application Identity service after everything looks right. Otherwise you have the potential of locking yourself out of all applications, including AppLocker.

AppLocker is a powerful feature included in Windows 7, and we showed you a basic rule so you can get an idea of how it works. In the future we'll take a look at more complex tasks to accomplish and gain tight control over what programs each user is able to access.
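
To act on the caution above, the saved rules can be checked from an elevated PowerShell prompt before the Application Identity service is started. This is an added example, not part of the original article; the local account name Jack, the %ProgramFiles%\Microsoft Games path and the sample programs tested are assumptions.

```powershell
# Added example: dry-run the AppLocker rules before enforcing them.
# Assumptions: a local account named "Jack" and the default games folder.
Import-Module AppLocker

$user     = "$env:COMPUTERNAME\Jack"
$admin    = "$env:USERDOMAIN\$env:USERNAME"   # the administrator running this check
$gamesDir = Join-Path $env:ProgramFiles 'Microsoft Games'

# Read the rules saved in the local Group Policy (the ones created in gpedit.msc).
$policy = Get-AppLockerPolicy -Local

# 1. Every game executable should evaluate to Denied for Jack.
$games = @(Get-ChildItem -Path $gamesDir -Recurse -Filter *.exe |
           ForEach-Object { $_.FullName })
if ($games.Count -eq 0) { throw "No executables found under $gamesDir" }
$gameResults = Test-AppLockerPolicy -PolicyObject $policy -Path $games -User $user
$gameResults | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
$notDenied = @($gameResults | Where-Object { $_.PolicyDecision -ne 'Denied' })

# 2. Lockout check: programs outside the games folder must stay Allowed.
#    Without the default rules these come back DeniedByDefault.
$jackNeeds  = @("$env:SystemRoot\explorer.exe", "$env:SystemRoot\System32\notepad.exe")
$adminNeeds = @("$env:SystemRoot\System32\mmc.exe")
$keepResults  = @(Test-AppLockerPolicy -PolicyObject $policy -Path $jackNeeds -User $user)
$keepResults += @(Test-AppLockerPolicy -PolicyObject $policy -Path $adminNeeds -User $admin)
$keepResults | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
$lockedOut = @($keepResults | Where-Object { $_.PolicyDecision -ne 'Allowed' })

# 3. Report the Application Identity service (service name AppIDSvc).
$svc = Get-WmiObject Win32_Service -Filter "Name='AppIDSvc'"
"Application Identity: State={0}, StartMode={1}" -f $svc.State, $svc.StartMode

# 4. Start enforcement only when both checks are clean.
if ($notDenied.Count -gt 0) {
    Write-Warning "Some games are not denied for $user; review the Deny rule."
} elseif ($lockedOut.Count -gt 0) {
    Write-Warning "Needed programs would be blocked; create the default rules first."
} else {
    if ($svc.State -ne 'Running') { Start-Service AppIDSvc }
    if ($svc.StartMode -ne 'Auto') {
        Write-Warning "Set Application Identity to start automatically in Services."
    }
}
```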
