Applocker à la minute

Applocker à la minute

In one of my last blogs, I explained how to make sure access to Administrative Tools can be restricted using a GUI. It’s really simple to implement.

But… you can do more, much more.

What if I tell you, you can deploy a complete Applocker policy just within a few seconds?

It only requires two scripts; a deployment script which makes the connection to Graph and another script which contains the JSON (config) itself

Links to the Scripts (in a zip file)

  1. Deployment Script
  2. JSON File

https://call4cloud.nl/wp-content/uploads/2020/06/Windows10_Applocker.zip

The Applocker policy itself is hardened with the Lolbas Project in mind.

If you want to know more about the lolbas (lolbins) project, take a look at

https://lolbas-project.github.io/

Looking at the Applocker Policy itself, you have to keep in mind that the The DLL Policy is not configured when deploying the Applocker Policy.  When configuring the DLL Policy, it can cause a Performance impact on your system.

Of course, Powershell, Cmd, Regedit and all other, not necessary .exe files for users, are blocked. Do you want to run Teams? I guess you do. Teams.exe and all other necessary .exe files to run teams are allowed.

If you want to know more about how to implement Applocker, the names of only 2 persons who know everything about it come to mind: Sami Laiho and Oddvar Moe.

https://www.linkedin.com/in/samilaiho/

Sami is publishing a lot of Applocker stuff lately… So go check it out

https://www.linkedin.com/in/oddvarmoe

Conclusion:

You really need to implement least privilege and Applocker. You can deploy Applocker A la minute (Guess what my next blog will be about.. App a la minute)

One thought on “Applocker à la minute

Leave a Reply

Your email address will not be published. Required fields are marked *