Beruflich Dokumente
Kultur Dokumente
Restriction Policies.
СРЕДА, 01 - ИЮНЬ - 2011 13 КОММЕНТАРИЕВ
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00040000
SRP_Enable.reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
"DefaultLevel"=dword:00000000
In fact, the DefaultLevel value does not turn the policy off
but switches the current SRP behavior from ‘whitelisting’
(Default: Disallowed) to ‘blacklisting’ (Default: Unrestricted), thus
permitting the launch of any program except those clearly
described as Disallowed in the Additional Rules policy container.
Try avoiding creating rules with Disallowed security level because
this makes policy maintenance too complex.
Create the shortcuts to the reg-files mentioned above and
place them on the administrator’s desktop. The software
installation procedure won’t become too complex compared with
that you have done before:
Disable security by switching the SRP mode to Unrestricted
with an SRP_Disable shortcut;
Install or update all the software you need;
Enable security by switching the SRP mode to Disallowed
back again with an SRP_Enable shortcut. If you don’t do that,
SRP will be enabled automatically at the next reboot of the
system.