The Using Software Restriction Policies to Protect Against Unauthorized Software page begins with:
Published: January 1, 2002 | Updated: May 25, 2004
Abstract
Software restriction policies are a new feature in Microsoft® Windows® XP and Windows Server 2003. This important feature provides administrators with a policy-driven mechanism for identifying software programs running on computers in a domain, and controls the ability of those programs to execute. Software restriction policies can improve system integrity and manageability—which ultimately lowers the cost of owning a computer.
On This Page
Introduction
Software Restriction Policies—An Overview
Software Restriction Policy Architecture
Software Restriction Policy Options
Software Restriction Policy Design
Step-by-Step Guide for Designing a Software Restriction Policy
Step-by-Step Guide for Creating Additional Rules
Commonly Overlooked Rules
Scenarios
Deployment Considerations
Troubleshooting Software Restriction Policies
Appendix
Summary
Related Links
Introduction
Software restriction policies are a part of Microsoft's security and management strategy to assist enterprises
in increasing the reliability, integrity, and manageability of their computers. Software restriction policies
are one of many new management features in Windows XP and Windows Server 2003.
This article provides an in-depth look at how software restriction policies can be used to:
• Fight viruses
• Regulate which ActiveX controls can be downloaded
• Run only digitally signed scripts
• Enforce that only approved software is installed on system computers
• Lockdown a machine
NOTE: See the
Using Software Restriction Policies to Protect Against Unauthorized Software page.