0

My use case is pretty simple i.e. - "Blacklisting Apps(including Store Apps) and URLs on a device".

You can think of it like a MDM Scenario where I want to do various stuff on the device enrolled e.g. Blacklisting, etc...

I could figure out that "AppLocker" is something that I wanted.

Also I found that in Windows 10, AppLocker provides CSP which can be used in my case. But for Windows 7, 8, 8.1, though AppLocker is present but there is no CSP stuff (as far as I could figure out, I may be wrong :) )

How can I achieve the above App and URL Blacklisting on Windows 7, 8 and 8.1 atleast on my local PC and then replicate to the MDM Solution. Thanks!!

Saurabh Rai
  • 361
  • 2
  • 18

1 Answers1

1

Do all the configurations you need on your local computer. Microsoft documentation is pretty complete on that topic: AppLocker.

On the configuration device, launch the Local Security Policy editor. Navigate to Application Control Policies > AppLocker and select Configure Rule Enforcement.

Once it's done, Right click AppLocker and select Export Policy and save the XML configuration file. Now, you just have to deploy this file to your fleet. If you have a MDM solution, maybe it supports this feature. AirWatch does, I don't know for others but it's very likely. You can also look into Windows Imaging and Configuration Designer. This Microsoft tool produce packages which configure Windows. I'm pretty confident that you can achieve the same goal that AirWatch Products.

Soma
  • 861
  • 2
  • 17
  • 32
  • Thanks for the reply. I know that I can deploy the XML Configuration in Windows 10 using SyncML protocol as you suggested. The point is will the same be possible for Windows 8.1 PCs, laptops, Windows 8.1 Mobiles and Windows 7 devices? How to push the configuration to these legacy devices? I wasn't able to find much documentation on this. – Saurabh Rai May 08 '16 at 04:30
  • Well, i don't know for others MDM but AirWatch has what they called Products. With that, you can deploy a file and a script, then execute the script which in your case will place the XML configuration file at the right place. Products are compatible with Windows 7 and Windows Desktop devices. – Soma May 08 '16 at 20:02
  • Thanks for the comment. It's interesting how AirWatch does all that. But It's difficult to do the same on my own as I am not getting much documentation for the same. Also since we have to make an MDM Solution from top to bottom ourselves, using AirWatch is not an option. I will continue to search and share relevant info here when I get a breakthrough. – Saurabh Rai May 09 '16 at 06:51
  • You should look into Windows Imaging and Configuration Designer tool. I do not have the time right now to look into it but I'm pretty confident you can do what you want with it. – Soma May 09 '16 at 08:26
  • Thanks a lot for your support !! I will surely start looking into Windows Imaging and Configuration Designer tool. Will update what I got in a few days. – Saurabh Rai May 09 '16 at 09:39