Jeremy Moskowitz (fellow Group Policy MVP) has just appeared in an interview with Matt Hester on Bytes by TechNet web site.
They covered how IT Professionals start with Windows 7 and Windows Server 2008 R2, why they need to know about Group Policy and what is new with Group Policy in Windows 7. Jeremy also highlighted some tips for his IT Pro peers related to some components of Group Policy including the Central Store.
Check out the video below:
This video should work with Silverlight or HTML5 video supported browsers.
Blog Post: Jeremy Moskowitz (Group Policy MVP) interview by Matt Hester http://bit.ly/dCHND5
Group Policy Center Jeremy Moskowitz (Group Policy MVP) interview http://bit.ly/ancSMK
Great video! However, I wanted to clarify the part about Software Restriction Policy (SRP) where Jeremy mentions that SRP could only indicate what’s bad (blacklist policy), whereas AppLocker flips that and can indicate what is good (whitelist policy). SRP can also accomplish the whitelist policy method very easily by choosing the “Disallowed” option at:
“Computer Configuration | Windows Settings | Security Settings | Software Restriction Policies | Security Levels” (you’ll need to right click on “Software Restriction Policies” and create a new policy first though).
With this, only items defined as “unrestricted” under “Additional Rules” will be allowed to run, which is similar to AppLocker. I use this in my company with great results.
One positive change that I’ve noticed with AppLocker is that we can now define specific security groups that can be set to exempt AppLocker restrictions, whereas with SRP, only the admins could be exempt.