none
Software Restriction Policy/AppLocker Restricting Process by Parameters

    Question

  • Is there any way with Software Restriction Policy or AppLocker to restrict the parameters a process is called with? For example we only want to allow: some.exe <this is OK to run>, but block everything else passed to that exe at start-up?

    Friday, January 02, 2015 4:14 PM

Answers

All replies

  • Hi,

    If this policy is not in place, means all are allowed. Once you define this only the allowed format of executable would be applied.

    Refer following links

    For App Locker :

    http://technet.microsoft.com/en-us/library/ee791899.aspx

    For S/w Restriction:

    http://technet.microsoft.com/en-us/library/cc786941%28v=ws.10%29.aspx

    • Proposed as answer by Prabhu Mallick Saturday, January 03, 2015 5:11 AM
    • Marked as answer by Frank Shen5Moderator Monday, January 19, 2015 1:24 AM
    • Unmarked as answer by PanosE Monday, January 19, 2015 11:41 AM
    • Unproposed as answer by PanosE Monday, January 19, 2015 11:44 AM
    Saturday, January 03, 2015 5:10 AM
  • Hi,

    >>Is there any way with Software Restriction Policy or AppLocker to restrict the parameters a process is called with?

    How is it going? Based on the description, I am afraid that we should not be able to acheive this. As you may already know, both SRP and Applocker use policy rules to restrict or un-restrict softwares. The policy rules of SRP are: Certificate rules, Hash rules ,Internet zone rules, Path rules ; the rule conditions of Applocker are: Publisher, Path, File hash.

    Regarding SRP rules and Applocker rules, the following articles can be referred to for more information.

    Work with Software Restriction Policies Rules

    http://technet.microsoft.com/en-us/library/hh994597.aspx

    Understanding AppLocker Rules

    http://technet.microsoft.com/en-us/library/dd759068.aspx

    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.

    Best regards,
    Frank Shen




    Tuesday, January 06, 2015 2:06 PM
    Moderator
  • Thanks guys. To clarify: I understand how SRP/AppLocker generally work I just wanted to double check if there was any way to get them apply to particular executable parameters rather than the executable themselves which as Frank Shen says doesn't seem to be possible. Many thanks for you posts however.
    Monday, January 19, 2015 11:43 AM
  • > just wanted to double check if there was any way to get them apply to
    > particular executable parameters rather than the executable
     
    No.
     

    Martin

    Mal ein GUTES Buch über GPOs lesen?

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
    Monday, January 19, 2015 3:44 PM