I use an application whitelisting solution (like AppLocker, BeyondTrust Privilege Manager, Bit9, Viewfinity Application Control, Faronics Anti-Executable).

Whitelist solutions and PolicyPak don’t try to accomplish the same goal. Let’s understand the two goals:

  • Whitelist solutions will stop applications from running AT ALL on your Windows 7 and later machines. This is great if you want to prevent the your users from running unsupported applications or prevent your users from running applications from the bad guys.
  • PolicyPak delivers settings to applications that are running, and consistently reinforces and remediates them. This guarantees that your important IT and security settings hit the application and users must adhere to them.

To learn more about the technical details of AppLocker, see this presentation from TechEd from Jeremy Moskowitz, Group Policy MVP (who also founded PolicyPak Software): http://channel9.msdn.com/Events/TechEd/NorthAmerica/2010/WCL303