내보내기(0) 인쇄
모두 확장
이 항목은 아직 평가되지 않았습니다.- 이 항목 평가

Administering AppLocker

게시: 2012년 4월

업데이트 날짜: 2012년 6월

적용 대상: Windows 8, Windows Server 2012

This topic provides links to specific procedures to use when administering AppLocker policies and rules in Windows Server 2012 and Windows 8.

AppLocker helps administrators control how users can access and use files, such as executable files, packaged apps, scripts, Windows Installer files, and DLLs. Using AppLocker, you can:

  • Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules based on the publisher attribute that is persistent through updates, or you can create rules for a specific version of a file.

  • Assign a rule to a security group or an individual user.

  • Create exceptions to rules. For example, you can create a rule that allows all Windows processes to run except Registry Editor (Regedit.exe).

  • Use audit-only mode to deploy the policy and understand its impact before enforcing it.

  • Import and export rules. The import and export affects the entire policy. For example, if you export a policy, all of the rules from all of the rule collections are exported, including the enforcement settings for the rule collections. If you import a policy, the existing policy is overwritten.

  • Simplify creating and managing AppLocker rules by using AppLocker PowerShell cmdlets.

note참고
For more information about enhanced capabilities of AppLocker to control Windows apps, see AppLocker의 패키지된 앱 및 패키지된 앱 설치 관리자 규칙.

The following topics are included to administer AppLocker:

You can administer AppLocker policies by using the Group Policy Management Console to create or edit a Group Policy Object (GPO), or to create or edit an AppLocker policy on a local computer by using the Local Group Policy Editor snap-in or the Local Security Policy snap-in.

You must have Edit Setting permission to edit a GPO. By default, members of the Domain Admins group, the Enterprise Admins group, and the Group Policy Creator Owners group have this permission. Also, the Group Policy Management feature must be installed on the computer.

  1. 시작 화면에서 다음을 입력합니다. gpmc.msc or open the Group Policy Management Console (GPMC).

  2. Locate the GPO that contains the AppLocker policy to modify, right-click the GPO, and click Edit.

  3. In the console tree, double-click Application Control Policies, double-click AppLocker, and then click the rule collection that you want to create the rule for.

  1. 시작 화면에서 다음을 입력합니다. secpol.msc or gpedit.msc.

  2. 사용자 계정 컨트롤 대화 상자가 나타나면 원하는 작업이 표시되었는지 확인한 다음 를 클릭합니다.

  3. In the console tree of the snap-in, double-click Application Control Policies, double-click AppLocker, and then click the rule collection that you want to create the rule for.

For how-to information about administering AppLocker with Windows PowerShell, see Use the AppLocker Windows PowerShell Cmdlets. For reference information and examples how to administer AppLocker with Windows PowerShell, see the AppLocker PowerShell Command Reference.

이 정보가 도움이 되었습니까?
(1500자 남음)
의견을 주셔서 감사합니다.

커뮤니티 추가 항목

추가
Microsoft는 MSDN 웹 사이트에 대한 귀하의 의견을 이해하기 위해 온라인 설문 조사를 진행하고 있습니다. 참여하도록 선택하시면 MSDN 웹 사이트에서 나가실 때 온라인 설문 조사가 표시됩니다.

참여하시겠습니까?
표시:
© 2014 Microsoft. All rights reserved.