The Using Software Restriction Policies to Protect Against Unauthorized Software page begins with:
Published: January 1, 2002 | Updated: May 25, 2004
AbstractSoftware restriction policies are a new feature in Microsoft® Windows® XP and Windows Server 2003. This important feature provides administrators with a policy-driven mechanism for identifying software programs running on computers in a domain, and controls the ability of those programs to execute. Software restriction policies can improve system integrity and manageability—which ultimately lowers the cost of owning a computer.
On This Page
Introduction Software Restriction Policies—An Overview Software Restriction Policy Architecture Software Restriction Policy Options Software Restriction Policy Design Step-by-Step Guide for Designing a Software Restriction Policy Step-by-Step Guide for Creating Additional Rules Commonly Overlooked Rules Scenarios Deployment Considerations Troubleshooting Software Restriction Policies Appendix Summary Related Links
IntroductionSoftware restriction policies are a part of Microsoft's security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers. Software restriction policies are one of many new management features in Windows XP and Windows Server 2003.
This article provides an in-depth look at how software restriction policies can be used to:
• Fight viruses • Regulate which ActiveX controls can be downloaded • Run only digitally signed scripts • Enforce that only approved software is installed on system computers • Lockdown a machineNOTE: See the Using Software Restriction Policies to Protect Against Unauthorized Software page.