I use an application whitelisting solution (like AppLocker, BeyondTrust Privilege Manager, Bit9, Viewfinity Application Control, Faronics Anti-Executable).

Whitelist solutions and PolicyPak don’t try to accomplish the same goal. Let’s understand the  goals:

  • Whitelist solutions will stop applications from running AT ALL on your Windows 7 and later machines. This is great if you want to prevent the your users from running unsupported applications or prevent your users from running applications from the bad guys.
  • PolicyPak Application Manager delivers settings to applications that are running, and consistently reinforces and remediates them. This guarantees that your important IT and security settings hit the application and users must adhere to them.
  • PolicyPak Least Privilege Manager has a way to simply block applications from running if they are not installed by administrators. We call this SecureRun(TM). You can check out the video here.

So, AppLocker and other whitelisting solutions are great… if you’re already invested in them. But if you’re not, consider PolicyPak Least Privilege Manager with SecureRun, which can give you the flexibility of a whitelisting solution, without all the heartache of trying to keep up with a list.

To learn more about the technical details of AppLocker, see this presentation from TechEd from Jeremy Moskowitz, Group Policy MVP (who also founded PolicyPak Software): http://channel9.msdn.com/Events/TechEd/NorthAmerica/2010/WCL303