This topic has not yet been rated - Rate this topic

Use Software Restriction Policies to Help Protect Your Computer Against an Email Virus

Published: May 10, 2012

Updated: May 2, 2012

Applies To: Windows 8, Windows Server 2012

This topic provides information how to set application control polices using Software Restriction Policies (SRP) to help protect your computer against e-mail virus beginning with Windows Server 2008 and Windows Vista.

Introduction

Software Restriction Policies (SRP) is Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. You use software restriction policies to create a highly restricted configuration for computers, in which you allow only specifically identified applications to run. These are integrated with Microsoft Active Directory Domain Services and Group Policy but can also be configured on stand-alone computers. For a starting point for SRP, see the Software Restrictions Policies Overview.

Beginning with Windows Server® 2008 R2 and Windows® 7, Windows AppLocker can be used instead of or in concert with SRP for a portion of your application control strategy. For information about AppLocker in Windows Server 2012 and Windows 8, see the AppLocker Overview.

Configure SRP to help protect against an e-mail virus

Review the best practices for software restriction policies to understand how SRP works.
- Best practices
- How Software Restriction Policies Work
Open Software Restriction Policies.
- For your local computer
- For a domain, site, or organizational unit, and you are on a member server or on a workstation that is joined to a domain
If you have not previously defined software restriction policies, create new software restriction policies.
- To create new software restriction policies
Create a path rule for the folder that your e-mail program uses to run e-mail attachments, and then set the security level to Disallowed.
- Working with path rules
Specify the file types to which the rule applies.
- To add or delete a designated file type
Modify policy settings so that they apply to the users and groups that you want:
- Specify users or groups to which you do not want the Group Policy Object's (GPO) policy settings to apply.
- Exclude local administrators from the software restriction policies of a specific policy setting in Group Policy and still have the rest of Group Policy apply to the administrators.
  - To prevent software restriction policies from applying to local administrators
Test the policy.

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Additions

ADD