AppLocker policy for part 3 of the blog series.
<AppLockerPolicy Version="1">
  <!--
    Overview: the Appx, Dll and Exe rule collections are enforced; the Msi
    and Script collections are declared without any rules.
    Per the rule descriptions, S-1-1-0 is the Everyone group and
    S-1-5-32-544 is the local Administrators group.
  -->

  <!-- Packaged apps: Everyone may run any signed package, from any
       publisher, product or binary name, at any version. -->
  <RuleCollection Type="Appx" EnforcementMode="Enabled">
    <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba"
                       Name="(Default Rule) All signed packaged apps"
                       Description="Allows members of the Everyone group to run packaged apps that are signed."
                       UserOrGroupSid="S-1-1-0"
                       Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>

  <!-- DLL loading: the three default path rules.
       NOTE(review): a path condition matches on location only, so it trusts
       whatever sits beneath the folder. Confirm that standard users cannot
       write anywhere under the matched paths, or add exceptions for the
       locations where they can. -->
  <RuleCollection Type="Dll" EnforcementMode="Enabled">
    <FilePathRule Id="3737732c-99b7-41d4-9037-9cddfb0de0d0"
                  Name="(Default Rule) All DLLs located in the Program Files folder"
                  Description="Allows members of the Everyone group to load DLLs that are located in the Program Files folder."
                  UserOrGroupSid="S-1-1-0"
                  Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="bac4b0bf-6f1b-40e8-8627-8545fa89c8b6"
                  Name="(Default Rule) Microsoft Windows DLLs"
                  Description="Allows members of the Everyone group to load DLLs located in the Windows folder."
                  UserOrGroupSid="S-1-1-0"
                  Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <!-- Administrators are unrestricted for DLLs (Path="*"). -->
    <FilePathRule Id="fe64f59f-6fca-45e5-a731-0f6715327c38"
                  Name="(Default Rule) All DLLs"
                  Description="Allows members of the local Administrators group to load all DLLs."
                  UserOrGroupSid="S-1-5-32-544"
                  Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>

  <!-- Executables: one publisher rule, the three default path rules and
       one hash rule. -->
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <!-- Publisher rule for Everyone: any binary name and any version of the
         named Microsoft product. It has no path condition, so it is not
         tied to a folder; this is a broad allowance and worth scoping by
         BinaryName or version range if a narrower rule is intended. -->
    <FilePublisherRule Id="6f6c4516-d987-4ed7-9787-f07924a72243"
                       Name="MICROSOFT® WINDOWS® OPERATING SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"
                       Description=""
                       UserOrGroupSid="S-1-1-0"
                       Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"
                                ProductName="MICROSOFT® WINDOWS® OPERATING SYSTEM"
                                BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
    <!-- Default path rules. The same caveat applies as for the Dll
         collection: check the matched folders for locations that standard
         users can write to. -->
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20"
                  Name="(Default Rule) All files located in the Program Files folder"
                  Description="Allows members of the Everyone group to run applications that are located in the Program Files folder."
                  UserOrGroupSid="S-1-1-0"
                  Action="Allow">
      <Conditions>
        <FilePathCondition Path="%PROGRAMFILES%\*" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="a61c8b2c-a319-4cd0-9690-d2177cad7b51"
                  Name="(Default Rule) All files located in the Windows folder"
                  Description="Allows members of the Everyone group to run applications that are located in the Windows folder."
                  UserOrGroupSid="S-1-1-0"
                  Action="Allow">
      <Conditions>
        <FilePathCondition Path="%WINDIR%\*" />
      </Conditions>
    </FilePathRule>
    <!-- Administrators are unrestricted for executables (Path="*"). -->
    <FilePathRule Id="fd686d83-a829-4351-8ff4-27c7de5755d2"
                  Name="(Default Rule) All files"
                  Description="Allows members of the local Administrators group to run all applications."
                  UserOrGroupSid="S-1-5-32-544"
                  Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
    <!-- Hash rule for Everyone: allows the file whose SHA256 value matches
         the one recorded here. A hash rule follows one specific build of
         the file, so an updated notepad.exe needs a refreshed rule. -->
    <FileHashRule Id="e5b58fa4-ef4c-46fb-b02c-8c1e42603f95"
                  Name="notepad.exe"
                  Description=""
                  UserOrGroupSid="S-1-1-0"
                  Action="Allow">
      <Conditions>
        <FileHashCondition>
          <FileHash Type="SHA256"
                    Data="0x5BF6CCC91DD715E18D6769AF97DD3AD6A15D2B70326E834474D952753118C670"
                    SourceFileName="notepad.exe"
                    SourceFileLength="181248" />
        </FileHashCondition>
      </Conditions>
    </FileHashRule>
  </RuleCollection>

  <!-- NOTE(review): no rules are defined for Windows Installer files or
       scripts, so this file places no AppLocker restriction on those file
       types. Confirm that is intended before reusing the policy outside
       the blog's test setup. -->
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
  <RuleCollection Type="Script" EnforcementMode="NotConfigured" />
</AppLockerPolicy>