Document Your Application List

Updated: June 21, 2012

Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012

This planning topic describes what application information to document when creating a list of applications for AppLocker policies.

Record your findings

Applications

Record the name of the application, whether it is signed or not as indicated by the publisher's name, and whether or not it is a mission critical, business productivity, optional, or personal application. Later, as you manage your rules, AppLocker displays this information in the format shown in the following example: MICROSOFT OFFICE INFOPATH signed by O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US.

Installation path

Record the installation path of the applications. For example, Microsoft Office 2007 installs files to %programfiles%\Microsoft Office\Office12\, which is C:\Program Files\Microsoft Office\Office12\ on most computers.

The following table is an example of how to list applications for each business group at the early stage of designing your application control policies. Eventually, as more planning information is added to the list, the information will be used to build AppLocker rules.

Business group Organizational unit Implement AppLocker? Applications Installation path

Bank Tellers

Teller-East and Teller-West

Yes

Teller Software

C:\Program Files\Woodgrove\Teller.exe

Windows files

C:\Windows

Human Resources

HR-All

Yes

Check Payout

C:\Program Files\Woodgrove\HR\Checkcut.exe

Time Sheet Organizer

C:\Program Files\Woodgrove\HR\Timesheet.exe

Internet Explorer 7

C:\Program Files\Internet Explorer\

Windows files

C:\Windows

Note

AppLocker only supports publisher rules for Windows 8 apps. Therefore, collecting the installation path information for Windows 8 apps is not necessary.

Event processing

As you create your list of applications, you will need to consider how to manage the events generated by user access or denial to run those applications to make your users as productive as possible. The following list is an example of what to consider and what to record:

  • Will event forwarding be implemented for AppLocker events?

  • What is the location of the AppLocker event collection?

  • Should an event archival policy be implemented?

  • Will the events be analyzed and how often?

  • Should a security policy be in place for event collection?

Policy maintenance

As you create your list of applications, you will need to consider how to manage and maintain the policies that you will eventually create. The following list is an example of what to consider and what to record:

  • How will rules be updated for emergency application access and permanent access?

  • How will applications be removed?

  • How many older versions of the same application will be maintained?

  • How will new applications be introduced?

Next steps

After you have created the list of applications, the next step is to identify the rule collections, which will become the policies. This information can be added to the table under columns labeled:

  • Use default rule or define new rule condition

  • Allow or deny

  • GPO name

To do this, see the following topics: