В этом посте я постарался собрать наиболее полезные или интересные ссылки на MS Knowledge Base (или просто KB) по теме Software Restriction Policies и AppLocker.
Article name | Article ID |
How to stop an ActiveX control from running in Internet Explorer | KB240797 |
Description of the Software Restriction Policies in Windows XP | KB310791 |
RSoP Tool Incorrectly Displays Software Restriction Policies | KB312325 |
Software Restriction Policies Do Not Recognize 16-Bit Programs | KB319458 |
How To use Software Restriction Policies in Windows Server 2003 | KB324036 |
"Software Restriction Policy Does Not Allow You to Start This Program" Error Message Even Though the Program Is Defined As "Allowed" | KB815471 |
Software Restriction Policies feature does not log events as expected | KB823726 |
Software Restriction Policies Do Not Persist After You Define Them | KB830678 |
"Windows cannot open this program because it has been prevented by a software restriction policy" error message when a user tries to open a file in Windows Server 2003 | KB873419 |
You may receive a "RUNAS ERROR: Unable to run" error message in Windows XP with Service Pack 2 | KB895196 |
The Digital Signatures tab may not appear in the properties dialog box of a digitally signed file that is larger than approximately 400 MB in Windows XP with Service Pack 2 | KB922225 |
FIX: Error message when you try to install a large Windows Installer package or a large Windows Installer patch package in Windows Server 2003 or in Windows XP: "Error 1718. File was rejected by digital signature policy" | KB925336 |
Batch files for which you create a hash rules do not work on a Windows XP-based client computer | KB943854 |
Software Restriction Policy Enforcement set to “All Software Files” causes checks against paths/files that are invalid | KB959074 |
"HTTP Error 404 - File or Directory not found" error message when you request dll or exe files with IIS 6.0 | KB970140 |
You cannot install a Windows Installer package under the Local System context on a Windows XP-based computer that has update KB956572 installed | KB971913 |
Error message when you try to install a large Windows Installer package or a large Windows Installer patch package in Windows Server 2003 Service Pack 2: "Error 1718 File was rejected by digital signature policy" | KB973825 |
The "Run only allowed Windows applications" Group Policy setting displays no entries on a computer that is running Windows Vista, Windows Server 2008, or Windows 7 | KB976922 |
Error message occurs when you use GPMC to view a software restriction Group Policy setting in Windows 7 and in Windows Server 2008 R2: "An error has occurred while collecting data for Software Restriction Policies" | KB981750 |
AppLocker incorrectly calculates the hash of certain files at runtime in Windows 7 or in Windows Server 2008 R2 | KB975449 |
Windows 7 or Windows Server 2008 R2 stops responding at the "Please wait" screen before you are requested to press Ctrl+ALT+DEL | KB983551 |
You cannot access allowed applications that are managed by AppLocker in Windows 7 or in Windows Server 2008 R2 | KB2568041 |
You can circumvent AppLocker rules by using an Office macro on a computer that is running Windows 7 or Windows Server 2008 R2 | KB2532445 |
AppLocker path condition does not work when a file name contains international characters in Windows 7 or in Windows Server 2008 R2 | KB2659440 |
Список будет периодически обновляться по мере выхода новых KB.
Здравствуйте. Подскажите пожалуйста в какую сторону двигаться: при применении политики к какому либо запрещенному приложению об этом делается запись в системный журнал Applications вида: Тип события: Предупреждение Источник события: Software Restriction Policies Категория события: Отсутствует Код события: 865 Дата: 30.04.2011 Время: 17:53:19 Пользователь: Н/Д Компьютер: RS2L Описание: Доступ к C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE был ограничен Администратором политикой ограниченного использования программ. Плюс к этому ведется журнал применения правил политики заданный через значение реестра LogFileName. В этом журнале есть информация о родительском процессе и его PID, запускаемом процессе и примененном правиле. Мне нужно узнать какой пользователь пытался запустить неразрешенное приложение в течении недели (месяца). Ос: WinXP sp3.
Нужно написать парсер для текствого лога SRP. Других вариантов нету.
Comments: