Use Software Restriction Policies to Help Protect Your Computer Against an Email Virus
Applies To: Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 8
This topic provides information how to set application control polices using Software Restriction Policies (SRP) to help protect your computer against e-mail virus beginning with Windows Server 2008 and Windows Vista.
Introduction
Software Restriction Policies (SRP) is Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. You use software restriction policies to create a highly restricted configuration for computers, in which you allow only specifically identified applications to run. These are integrated with Microsoft Active Directory Domain Services and Group Policy but can also be configured on stand-alone computers. For a starting point for SRP, see the Software Restriction Policies.
Beginning with Windows Server® 2008 R2 and Windows® 7, Windows AppLocker can be used instead of or in concert with SRP for a portion of your application control strategy. For information about AppLocker in Windows Server 2012 and Windows 8, see the AppLocker Overview [Client].
Configure SRP to help protect against an e-mail virus
Review the best practices for software restriction policies to understand how SRP works.
Open Software Restriction Policies.
If you have not previously defined software restriction policies, create new software restriction policies.
Create a path rule for the folder that your e-mail program uses to run e-mail attachments, and then set the security level to Disallowed.
Specify the file types to which the rule applies.
Modify policy settings so that they apply to the users and groups that you want:
Specify users or groups to which you do not want the Group Policy Object's (GPO) policy settings to apply.
Exclude local administrators from the software restriction policies of a specific policy setting in Group Policy and still have the rest of Group Policy apply to the administrators.
Test the policy.