How to Whitelist Applications Using Software Restriction Policies (SRP)

Whitelisting Applications with Software Restriction Policy (SRP)

With the recent rise in the number of malware attacks on enterprises, application whitelisting through Software Restriction Policies (SRP) is gaining popularity among administrators. SRP is a Group Policy-based feature from Microsoft that helps admins identify software programs and processes and control their ability to run on computers that are linked to a domain.
 
Application whitelisting via SRP is done by configuring "Allow List Mode", in which only a limited number of required programs are allowed to run and all other programs are blocked by default. With SRP, admins can control whether the following file types are allowed to run:
  1. Executables
  2. DLLs
  3. Scripts
  4. Windows Installers 

Configuring SRPs for Whitelisting Applications

To configure SRP to run in the whitelist mode, follow these steps: 
  1. Create a new Group Policy Object (GPO) and give it a name
  2. Edit the newly created GPO in the Group Policy Object Editor 
  3. Navigate to User Configuration → Windows Settings → Security Settings → Software Restriction Policies 
  4. Right-click on the Software Restriction Policies folder and select New Software Restriction Policies from the menu.
  5. Once the new policy is created, select the Enforcement setting.
  6. Double-click the Enforcement setting to open the Enforcement Properties dialog box.
  7. Select the All Software Files radio button so SRP will be applied to both executables and libraries.
  8. Select the All Users radio button so SRP will be applied to all domain users or select All Users Except Domain Administrators based on the need.
  9. Click the OK button when finished.
  10. In the Group Policy Object Editor, click on the Security Levels folder to configure the SRP operation mode.
  11. Double-click the Disallowed security level and then click the Set as Default radio button to configure the SRP to run in the whitelist mode. 
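
To confirm on a client that the GPO from the steps above actually took effect, the following added example (not part of the original article) reads the values SRP stores under the `Safer\CodeIdentifiers` policy key and checks them against steps 7, 8 and 11. The function name `Get-SrpFinding` is hypothetical; the script inspects both the per-user hive (where a User Configuration policy lands) and the per-machine hive.

```powershell
# Added example: verify that SRP allow-list mode reached this user/computer.
$SaferKey = 'Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-SrpFinding {
    param([string]$Hive, $Values)   # $Values is $null when the policy key is absent

    if ($null -eq $Values) {
        return [pscustomobject]@{ Hive = $Hive; Check = 'Policy key'; Ok = $false
                                  Detail = 'no SRP policy present' }
    }

    # Step 11: default security level. 0 = Disallowed, 0x40000 = Unrestricted.
    $level = $Values.DefaultLevel
    $levelOk = ($level -eq 0)
    $levelDetail = "DefaultLevel=$level, default is NOT Disallowed"
    if ($levelOk) { $levelDetail = 'Disallowed (allow-list mode)' }

    # Step 7: enforcement coverage. 2 = all software files, 1 = all files except DLLs.
    $files = $Values.TransparentEnabled
    $filesOk = ($files -eq 2)
    $filesDetail = "TransparentEnabled=$files, libraries are not covered"
    if ($filesOk) { $filesDetail = 'All software files (executables and DLLs)' }

    # Step 8: user scope. 0 = all users, 1 = administrators are exempt.
    $scope = $Values.PolicyScope
    $scopeOk = ($scope -eq 0) -or ($scope -eq 1)
    $scopeDetail = "PolicyScope=$scope is missing or unexpected"
    if ($scope -eq 0) { $scopeDetail = 'All users' }
    if ($scope -eq 1) { $scopeDetail = 'Administrators exempt: review who holds admin rights' }

    [pscustomobject]@{ Hive = $Hive; Check = 'Default level'; Ok = $levelOk; Detail = $levelDetail }
    [pscustomobject]@{ Hive = $Hive; Check = 'Enforcement';   Ok = $filesOk; Detail = $filesDetail }
    [pscustomobject]@{ Hive = $Hive; Check = 'User scope';    Ok = $scopeOk; Detail = $scopeDetail }
}

$results = foreach ($hive in 'HKCU', 'HKLM') {
    $values = Get-ItemProperty -Path "${hive}:\$SaferKey" -ErrorAction SilentlyContinue
    Get-SrpFinding -Hive $hive -Values $values
}
$results | Format-Table -AutoSize

# A non-zero exit code lets a compliance job flag machines where no hive is fully in allow-list mode.
$compliantHives = $results | Group-Object Hive |
    Where-Object { -not ($_.Group | Where-Object { -not $_.Ok }) }
if (-not $compliantHives) { exit 1 }
```

Run it in the target user's session after `gpupdate /force`; a hive reporting "no SRP policy present" means the GPO is not linked, filtered out, or not yet applied for that scope.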
Whitelisting applications using SRP is not a comprehensive solution against malware infections and attacks, so it is recommended to use it in conjunction with other security measures.