Block rogue apps with Windows Server -- for free

FREE

Become An Insider

Sign up now and get free access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content from the best tech brands on the Internet: CIO, CITEworld, CSO, Computerworld, InfoWorld, ITworld and Network World. Learn more.

You can stop users from putting bad software on good machines

Windows in some organizations is a free-for-all -- users have local administrator rights, install software to their hearts' content, never update it and generally are susceptible to running bad stuff on good machines. Fortunately for Windows administrators, there is a way to stop that.

Controlling what applications run in your environment sounds like a herculean effort, and make no mistake -- it is a lot of work. Setting up policies that restrict software installation and execution, and using the tools that make that possible, is not just a "check and refresh" type of administrative task. It takes trial, some error, most likely a pilot, and then a gradual rollout. But once you get on the other side, you experience benefits including:

[ Windows 8 is here, and InfoWorld covers Microsoft's new direction, the touch interface for tablet and desktop apps, the transition from Windows 7, and more in the Windows 8 Deep Dive PDF special report. | Stay atop key Microsoft technologies in our Technology: Microsoft newsletter. ]

  • Malware being virtually eliminated. Applications that you do not approve, or whitelist, simply fail to execute.
  • A reduction in desktop support issues related to users installing noncompany-approved applications, like iTunes and Dropbox.
  • Enhanced protection against data leakage, since users cannot circumvent other security policies by using applications that, for example, do not recognize Group Policy settings.

In this piece, I will take a look at the various options for controlling software installation and execution on Windows client computers. Everything I talk about here is included at no extra charge with Windows Server 2008 and up, so there is no extra licensing cost that would typically be associated with third-party tools. And I'll profile some advantages and disadvantages of each approach.

To continue reading, please begin the free registration process or sign in to your Insider account by entering your email address:
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies