Skip to main content

B.com 3rd Year - Economy Development & Policy In India (C-103) Latest 20...

Group Policy Management

AppLocker Policy

AppLocker is a set of Group Policy settings that evolved from Software Restriction Policies, to restrict which applications can run on a corporate network, including the ability to restrict based on the application’s version number or publisher.
  • Click on Start Button –Control Panel – Click on View by: Large Icons –Administrative Tools – Local Security Policy.

  • Expand Application Control policies---Expand Applocker---then expand Executable rules--After that right click on executable rules---new rules---then next---choose your need allow or deny-----Select users-----Provide path---Next---Create---Click on Yes.

  • For Update of policy: open cmd---type gpupdate /force---enter.

Note:

  1. Executable rules: .exe.com
  • Windows Installer rules: .msi.msp
  1. Scripts rules: .ps1.bat.cmd.vbs.js

Notes:

Publisher rules: This condition identifies an application based on its digital signature and extended attributes. The digital signature contains information about the company that created the application (the publisher). The extended attributes, which are obtained from the binary resource, contain the name of the product that the application is part of and the version number of the application.
Path rules: This condition identifies an application by its location in the file system of the computer or on the network.
File hash: This condition identifies an application which is not digitally signed can be restricted by a file hash rule instead of a publisher rule.
  • Select Publisher and click Next
  • Click browse then select executable file example.exe
  • Choose any options from prevent with any publisher, publisher, product name, file name and file version then click Next.
  • Read it and click Next
  • Click Create
  • You will now be prompted to create some default rules that ensure that you don’t accidently stop Windows from working. Click “Yes” to this if you don’t already have these rules created.

 Now we will active the Application Identity service to enable AppLocker on the computers
  • In the same Group Policy Object you were just editing Computer Configuration – Policies – Windows Settings – Security Settings – System Services
  • Right click Application Identity service then properties
  • Check Define this policy setting box and Automatic then OK

  • Account Lockout Policy:
The Account lockout duration policy setting determines the number of minutes that a locked-out account remains locked out before automatically becoming unlocked. The available range is from 1 through 99,999 minutes. A value of 0 specifies that the account will be locked out until an administrator explicitly unlocks it.

Steps are following as:
  1. Control Panel-----Administrative Tools-----local security policy
  2. Account  policies------account lockout policies
  3. There are 3 option:
  • Account lockout duration: It means how much time account is locked after wrong attempt.  Select according to your environment/condition.
  • Account lockout thresold: It means how many times user can try login his/her account.
  • Reset account lockout counter after: It means user can try login after lockout duration is over.
Note: Select according to your environment/condition.


Comments

Popular posts from this blog

Parts of CPU

 Motherboard A  motherboard  (sometimes alternatively known as the mainboard, system board, baseboard, planar board or logic board, or colloquially, a mobo) is the main printed circuit board (PCB) found in general purpose microcomputers and other expandable systems. Motherboard components Expansion slots (PCI Express, PCI, and AGP) 3-pin case fan connectors. Back pane connectors. Heat sink. 4-Pin (P4) power connector. CPU Socket. Northbridge Southbridge BIOS Chip  Processor  SMPS - Switched Mode Power Supply  Hard Drive  RAM - Random Access Memory  ROM - Read Only Memory  Cabinet  DVD Writer

Top 5 Bank Books for Exam

Troubleshooting Tips

Uninstall Application Forcefully Through Command : 1. Login as Administrator. 2. Click on Start Button. 3. Type CMD. 4. Right click on CMD. 5. Choose 2 option "Run as Administrator", then click on yes. 6. After open CMD, type "wmic" 7. Then type "product get name" 8. After that choose your application whichever you want to uninstall forcefully. 9. Then type "product where name= application-name" (full name of application like chrome.exe ) 10. After that type " product where name= application-name call uninstall " It's take sometime to uninstall the program or application according to the size of application or program. Thanks You Can Also Subscribe My YouTube Channel- Techn. Trainer Official