New
#11
I haven't played with SRPs either, but I found this below that may help.
https://docs.microsoft.com/en-us/win...ction-policies
How to set up AppLocker restrictions on Windows 10 Pro?
-
-
New #12
I dug a little bit more into SRPs and unfortunately they are pretty much useless. The best you can do is deny access based on the hash of a file. What good can that do :)
So going back to this suggestion:
This is the only working solution I can do some restrictions with.You can also use Option One below to block application (exe) files using group policy. I just tested on my Windows 10 Pro.
Applications - Prevent Running Specified Programs - Windows 7 Help Forums
So quick question to you. How do I know what was blocked? Otherwise it just shows the message box that something was blocked.
In the AppLocker I could go to the Event Viewer and see what process was blocked.
-
-
New #14
OK, I'll need to re-phrase it. So I added some process names to that list. Stuff like:
mmc.exe
explorer.exe
srvchost.exe
...
etc.
But then, for instance, I was adding a network printer and it gave me a dialog box that that action was blocked by the administrator. So how do I know which process was blocked (that is not yet on my list, so I can add it)?
In other words, how do I run it in an "audit" mode?
-
New #15
I'm not aware of an audit mode for this other than knowing what process runs what you were trying to open.
Most likely, this was for mmc.exe.
-
New #16
mmc.exe is for the snap-in console. It has nothing to do with network printers.
Too bad, Microsoft dropped the ball on this one too. Damn, such a great idea but such a bad implementation. (Typical MSFT.)
BTW. Several hours later and I got it. (It was rundll32.exe. They use it to start all kinds of control panel windows.) So now I have 50 other processes to learn this manual way
Quote
Related Discussions
