AppLocker and application management
Hi! I am currently piloting AppLocker and trying to figure out how things work when handling the AppLocker components. I have a pretty basic setup as a start. I have no rules for specific applications, processes or scripts.
- Everything that is signed is allowed to run, be it executables, scripts or DLLs (Everyone / Allow)
- Everything that is located in ProgramFiles can run freely (Everyone / Allow for ProgramFiles)
- Admin on computers can execute everything (builtin/Administrators Allow, Path rule * )
I have verified that the rules are working in audit mode, and I have toggled the different filters on and off to see how they work when enabled. Everything so far has worked to my expectations. However, how does one handle ad-hoc software that needs to be installed on a client? If I try to manually run an installer on my test client and get that application into my Program Files folder, it now stops me from doing that, even though I am an admin. I have not made a rule set and whitelisted applications, so for this scenario I am happy enough security-wise that the applications / executables / whatever are just digitally signed. My expectation then was that I could, as an admin, execute a local installer and get the application installed. What do I have to do to be able to achieve this? Are my rules just logically wrong, or is this scenario not attainable?
Most standard software would be introduced to the client through SCCM, and that works fine, so far at least. It's these ad-hoc scenarios that I am now testing to see if they are possible at all. And what is the normal procedure around application management on machines that are under AppLocker policies?
If anyone could help me or give some pointers, that would be highly appreciated :-)
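
A diagnostic for the scenario described in the post above, added here as an example and not part of the original post: it evaluates one installer against the effective AppLocker policy for both principals named in the rules and lists recent audit/block events. The installer path is a constructed placeholder; run it on the test client.

```powershell
# Added example, not from the original post.
# Placeholder path (assumption): replace with the installer that was stopped.
$installer = 'C:\Temp\ExampleSetup.msi'

# Effective policy on this client: which rule collections exist, how many
# rules each one has, and whether it is audited or enforced.
$policy = Get-AppLockerPolicy -Effective
foreach ($collection in $policy.RuleCollections) {
    [pscustomobject]@{
        Collection = $collection.RuleCollectionType
        Mode       = $collection.EnforcementMode
        Rules      = $collection.Count
    }
}

# Publisher (signature) and hash information AppLocker reads from the file.
Get-AppLockerFileInformation -Path $installer | Format-List Path, Publisher, Hash

# Evaluate the file for the two principals used in the rules above.
# MatchingRule shows which rule decided the outcome (empty = no rule matched).
foreach ($principal in 'Everyone', 'BUILTIN\Administrators') {
    $policy | Test-AppLockerPolicy -Path $installer -User $principal |
        Select-Object @{ n = 'User'; e = { $principal } },
                      FilePath, PolicyDecision, MatchingRule
}

# Recent "would have been blocked" (audit) and "blocked" (enforced) events,
# per AppLocker log. EXE/DLL: 8003, 8004. MSI/Script: 8006, 8007.
$logs = @{
    'Microsoft-Windows-AppLocker/EXE and DLL'    = 8003, 8004
    'Microsoft-Windows-AppLocker/MSI and Script' = 8006, 8007
}
foreach ($log in $logs.GetEnumerator()) {
    Get-WinEvent -FilterHashtable @{ LogName = $log.Key; Id = $log.Value } `
                 -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Log'; e = { $log.Key } }, Message
}
```

Comparing the collection an event is logged under with the collections that actually contain the three rules shows which file type the policy is stopping.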