Application Support
Application Control Policies
Software Restriction Policies
- Software Restriction Policies are implemented as part of a management strategy for Windows XP workstations that are domain-joined to a Windows Server 2003 domain.
- Software Restriction Policies are typically created using an MMC Group Policy snap-in on an Active Directory domain server to create a Group Policy Object (GPO).
- Any single mistake can have serious consequences to the ability of workstations to operate. The default behavior is set to allow all applications to run by default.
- The following additional rule types that can be created as exceptions include:
- Hash Rule: It defines a hash identifier that uniquely identifies a file and assigns it a software restriction behavior.
- Path Rule: It defines exceptions that allow or disallow a file or folder location specified with a path value.
- Internet Zone Rule: It works with the Windows Installer.
- Certificate Rule: It defines exceptions based on a digital certificate signed to an application or script.
- Registry Key Rule: It defines exceptions based on a path stored in a registry value.
- Software restriction policies know about most executable file types based on their file extension. Restriction policies are delivered by Group Policy.