Windows installer rules Lab

Executable rules:

This rule can be applied only to .exe and .com file types. (Windows ) The default executable rules are path rules that allow everyone to execute all user who has administrator rights to execute applications in any location on the computer .(windows )

Windows installer rules:

This rule is applicable for .msi and .msp file extensions. It blocks or allows software installation on your computer. The default windows installer rule allows everyone to use digitally signed windows installer files. A local administrator user can run all .msi or .msp file.(Windows )

Script rule:

This rule is applicable for .ps1, .bat,.cmd,.vbs, and .js files. The default script rule allows the execution of all scripts located in the program file folder and windows folder. (Windows ) It permits local administrator to execute scripts in any location.

DLL rule:

This rule is applicable for library files which have .dl and .ocx file extensions. (Windows ) DLL rules are not enabled by default in windows7. To enable the DLL rule, right click on app locker node under Group policy and go to Advanced tab and select the enable the DLL rule collection check box. Figure shows the app locker properties window.

Hands on Exercise

Perform the activity mentioned in lab no. 6 at the end of this chapter.

Summary

In this chapter you learnt:

Windows 7 provides three different types of user account namely administrator user, standard user and guest user.

Windows 7 allows you to change the name and account type of existing user accounts.

Application compatibility policies determine how your windows 7 reacts when it experiences issue.

Application compatibility toolkit is a collection of tools allow you to resolve application compatibility issues.

Two different technologies available in windows 7 to restrict the execution of some specifics application are software restriction policies and application policies.

QUIZ

1. Full in the blanks
2. The application compatibility toolkit is a collection of tools allow you to __________________.
3. Test your web application & websites
4. Resolve application compatibility issues
5. Analyze web application
6. Resolve internet issues
7. The application compatibility manager ________data.
8. Collects
9. Analyzes
10. Tests and mitigates
11. Report
12. You need to install SQL server on your PC to configure__________.
13. Setup Analysis tool
14. Compatibility Administrator
15. Application compatibility manager
16. Standard user Analyzer
17. ________________allow you to apply software restrictions for a specific file, folder, or registry key by specifying their path.
18. Path rule
19. Hash rule
20. Certificate rule
21. Zone rule
22. __________cover files with the .ps1,.bat,.cmd,.vbs and .js extensions.
23. Executable Rules
24. DLL Rules
25. Script Rules
26. Zone Rules

2. Scenario- Based Questions:
3. The wellizon textile company is facing problem as there are visitors who use the computers for a short while and have to be provided with credentials of employees. The engineer wants to provide an account using which the employee data cannot be accessed by visitors. Which method should use to restrict visitors from accessing the personal files and folders?
4. Administrator account
5. Guest account
6. Standard account
7. Temporary account
8. You want to configure a set of app locker rules to block the execution of application software that is not digitally signed by the software vendor. You want to test that these rules work before enforcing them. Which of the following setting you should configure to accomplish this goal?
9. Create app locker publisher rules
10. Create app locker hash rules
11. Configure app locker enforcement to audit executable rules
12. Configure app locker enforcement to audit windows installer rules

Explorative work

Instruction:

1. Refer to internet, reference books or magazine to get the information.
2. Do not copy the information provided in this textbook.
3. Consult your faculty for further guidance.

Explorative questions

Q.1 what do you understand by the following terms:

1. DLL
2. scripts
3. windows installer

________________________________________________________________________________________________________________________________________________________________________________________________Q2. Write the steps to configure an application restriction policy which will prevent the application from executing. For the purpose of this question, you have to stop the windows calculator from executing.

__________________________________________________________________________________________________________________________________________

Lab 1

Objective:

To create a new user account in windows 7.

Hands on Exercise

To create a new user account in windows 7.

1. Click to start- control panel – user Accounts and family safety.
2. Click Add or remove user accounts. The manage account window appears as shown in figure.
3. Click create a new account option shown below on manage Accounts The create new account window appears as shown in figure.

List down the different types of accounts

1. _____________________________________________________________________
2. _____________________________________________________________________
3. Enter the name of new account that you want to create in the New account name
4. Select the type of account. Two options available namely Administrator and standard Select the appropriate option and click create account button.
5. Your new account has been created and you can see the account in list of users of Manage account screen.

Conclusion

_______________________________________________________________________________________________________________________________________

Lap 2

Objective:

To change the name and account type:

Hands on Exercise

To change the name and account type.

1. Click start -control -user Accounts and Family Safety. the user accounts and family safety page of control panel appears as shown in figure.
2. Click User Accounts form user Accounts and family safety page. The user account window appears as shown in figure.
3. Click change your account name. the change your name window appears as shown in figure.
4. Enter the name that you want to change and click change name
5. Click change your account type from user account screen to change the type of user account. The change your account type window appears shown in figure.
6. Select the required type of account and click change account type.

List down the difference between standard user and administrator user account.

________________________________________________________________________________________________________________________________________________

conclusion

______________________________________________________________________________________________________________________________________

Lab 3

Objective:

Enable the Guest user account.

Best Practice:

Keep the Guest Account Disabled

Hands on Exercise

To enable the Guest user account.

1. Click Start and type lusrmgr .msc on the search box to open the local users and group user windows. The local users window. The local users and group user window appease as in figure.
2. Select Users Then the local users and group user windows appears as shown in figure.

What does down arrow indicate for Administrator and Guest user account as shown in figure.

3. Double click on the guest properties window appears as shown in figure.
4. Uncheck Account is disabled to enable guest user account.

Conclusion

________________________________________________________________________________________________________________________________________________________________________________________________________________________

Lab 4

Objective

To delete the user account.

Bast practice

Before deleting the user take the backup of the user profile and their data.

Hands on user Exercise

To delete the user account:

1. Click start – control panel – user Accounts and family safety.
2. Click add or Remove user Accounts under user Accounts. The Manage account window appears as shown in figure.
3. Select the user account that you want to delete. Then it opens the window as shown in figure.
4. Click Delete Account button to delete the account. Then the screen appears as shown in figure.

List down the advantage and disadvantage of password hints.

________________________________________________________________________________________________________________________________________________________________________________________________________________________conciusion

_________________________________________________________________________________________________________________________________________________

Lab 6

Objective:

Restrict application through Group policy i.e. gpedit.Msc.

Hands on Exercise

To restrict application through Group policy i.e. gpedit.msc:

1.click start and enter gpedit.msc in the search box of start menu.

2. open gpedit application from search result. It opens the local group policy editor as shown in figure.
3. Expand User configuration from left pane of local group policy editor.
4. Expand Administrative template node under user configuration and select system none.
5. from the right pane of the window, double click on don’t run specified windows applications. the don’t run specified windows applications dialog box appears as shown in figure.
6. select Enabled option to restrict windows applications and then click show button.
7. click Add button and then type the executable fil name of the program than you want to restrict user from running. For example if you want to restrict a user from running calculator application, type calc.exe.
8. click ok to apply the changes made.

Write down the log file location of your machine.

__________________________________________________________________________________________________________________________________________________

Conclusion

_________________________________________________________________________________________________________________________________________________________________

Read  More…..

सपोर्ट