8711 » Using Software Restriction Policies to Protect Against Unauthorized Software. 22-Nov-04

The Using Software Restriction Policies to Protect Against Unauthorized Software page begins with:

Published: January 1, 2002 | Updated: May 25, 2004

Abstract

Software restriction policies are a new feature in Microsoft® Windows® XP and Windows Server 2003. This important feature provides administrators with a policy-driven mechanism for identifying software programs running on computers in a domain, and controls the ability of those programs to execute. Software restriction policies can improve system integrity and manageability—which ultimately lowers the cost of owning a computer.

On This Page

 Introduction 
 Software Restriction Policies—An Overview 
 Software Restriction Policy Architecture 
 Software Restriction Policy Options 
 Software Restriction Policy Design 
 Step-by-Step Guide for Designing a Software Restriction Policy 
 Step-by-Step Guide for Creating Additional Rules 
 Commonly Overlooked Rules 
 Scenarios 
 Deployment Considerations 
 Troubleshooting Software Restriction Policies 
 Appendix 
 Summary 
 Related Links

Introduction

Software restriction policies are a part of Microsoft's security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers. Software restriction policies are one of many new management features in Windows XP and Windows Server 2003.

This article provides an in-depth look at how software restriction policies can be used to:

• Fight viruses
 
• Regulate which ActiveX controls can be downloaded
 
• Run only digitally signed scripts
 
• Enforce that only approved software is installed on system computers
 
• Lockdown a machine

NOTE: See the Using Software Restriction Policies to Protect Against Unauthorized Software page.