내보내기(0) 인쇄
모두 확장

Create a Rule That Uses a Path Condition

게시: 2012년 2월

업데이트 날짜: 2012년 5월

적용 대상: Windows 8, Windows Server 2012

This topic shows how to create an AppLocker rule with a path condition in Windows Server 2012 and Windows 8.

The path condition identifies an application by its location in the file system of the computer or on the network.

Important중요
When creating a rule that uses a deny action, path conditions are less secure for preventing access to a file because a user could easily copy the file to a different location than what is specified in the rule. Because path rules correspond to locations within the file system, you should ensure that there are no subdirectories that are writable by non-administrators. For example, if you create a path rule for C:\ with the allow action, any file within C:\ will be allowed to run, including users' profiles.

For information about the path condition, see Understanding the Path Rule Condition in AppLocker.

You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For information how to use these MMC snap-ins to administer AppLocker, see Using the MMC snap-ins to administer AppLocker.

  1. In the console tree of the snap-in, double-click Application Control Policies, double-click AppLocker, and then click the rule collection that you want to create the rule for.

  2. On the Action menu, click Create New Rule.

  3. On the Before You Begin page, click Next.

  4. On the Permissions page, select the action (allow or deny) and the user or group that the rule should apply to, and then click Next.

  5. On the Conditions page, select the Path rule condition, and then click Browse Files to locate the targeted folder for the application.

    note참고
    When you browse to a file or folder location, the wizard automatically converts absolute file paths to use AppLocker path variables. You may edit the path after browsing to specify an absolute path, or you may type the path directly into the Path box. To learn more about AppLocker path variables, see Understanding the Path Rule Condition in AppLocker.

  6. Click Next.

  7. (Optional) On the Exceptions page, specify conditions by which to exclude files from being affected by the rule. Click Next.

  8. On the Name and Description page, either accept the automatically generated rule name or type a new rule name, and then click Create.

이 정보가 도움이 되었습니까?
(1500자 남음)
의견을 주셔서 감사합니다.

커뮤니티 추가 항목

추가
Microsoft는 MSDN 웹 사이트에 대한 귀하의 의견을 이해하기 위해 온라인 설문 조사를 진행하고 있습니다. 참여하도록 선택하시면 MSDN 웹 사이트에서 나가실 때 온라인 설문 조사가 표시됩니다.

참여하시겠습니까?
표시:
© 2014 Microsoft