SRPs have been legacy for a while now, I guess, Microsoft has been
encouraging people to switch to AppLocker. To migrate I think you would
need to switch some AppLocker policies in audit mode, capture the required
settings, and then disable the SRPs.

I used to be a big fan of SRPs, they always felt simpler to set up than
AppLocker, but I guess Microsoft may deprecate them eventually. This is
*assuming* that you don't get any odd behaviour in AppLocker :-)

Cheers,



JR

On 4 March 2015 at 16:31, Klaus Hartnegg <[email protected]> wrote:

> Software Restriction Policy (SRP) in Win7-64 behaves different than in
> Win7-32 or WinXP-32 (I'm using SRP in whitelisting mode, default level is
> restricted).
>
> SRP allows to choose whether it should affect everybody, or everybody
> except admins. In 32bit this does have the expected effect. But in 64bit
> administrator always are allowed to run executables everywhere, regardless
> of SRP settings. Is SRP broken in 64bit Windows?
>
> Also there is an option whether SRP should affect all except DLLs, or
> really all software. In Win7-64 with DLLs specifically excluded from SRP,
> every user gets on the first login the error message that MSOE.DLL cannot
> be loaded. Why? SRP is told to not not restrict DLLs, and that DLL is in a
> directory that is specifically allowed.
>
> I did find a solution to the second problem: remove these registry keys:
> HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-
> 11CF-AAFA-00AA00B6015C}
> HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed
> Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
>
> But the first issue makes me wonder whether SRP can be trusted any more,
> or maybe we must switch to AppLocker?
>
> Klaus
>
>
>
>


-- 
*James Rankin*
---------------------
RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization
Practice Analyst - Desktop Virtualization
http://appsensebigot.blogspot.co.uk

Reply via email to