300 likes | 493 Views
Module 9. Configuring Applications . Module Overview. Install and Configure Applications Managing Apps from the Windows Store Configuring Internet Explorer Settings Configuring Application Restrictions in the Enterprise. Lesson 1: Install and Configure Applications.
E N D
Module 9 Configuring Applications
Module Overview • Install and Configure Applications Managing Apps from the Windows Store Configuring Internet Explorer Settings Configuring Application Restrictions in the Enterprise
Lesson 1: Install and Configure Applications • Installing Applications in Windows 8 Configuring Default Program Settings Application Compatibility Issues Resolving Common Application-Compatibility Issues Discussion: When to Use Office 365
Configuring Default Program Settings You can configure Default Program behavior by selecting Control Panel > Programs > Default Programs
Application Compatibility Issues Common application compatibility problems may relate to the following areas: • Setup and installation of applications • User Account Control • Windows Resource Protection • Internet Explorer Protected Mode • 64-bit architecture • Windows Filtering Platform • Operating system version changes • Kernel-mode drivers
Resolving Common Application-Compatibility Issues Common mitigation methods include: • Modifying the application configuration • Applying updates or service packs • Upgrading the application • Modifying the security configuration • Running the application in a virtualized environment • Using application compatibility features built into the operating system • Selecting another application • Apply a shim
Discussion: When to Use Office 365 • When would you consider implementing • Office 365?
Lesson 2: Managing Apps from the Windows Store • What Is the Windows Store? Managing Access to Windows Store What Is Sideloading?
What Is the Windows Store? The Windows Store provides a convenient, single location for users to access and download apps
Managing Access to Windows Store Use Group Policy to disable the Store application
What Is Sideloading? Sideloading provides a mechanism for distribution of LOB apps to your client computers without using the Windows Store • You must enable the sideloading facility by editing GPO settings • Your LOB apps must be digitally signed • You can use either dism.exe or Windows PowerShell to add, list, or remove LOB apps
Lesson 3: Configuring Internet Explorer Settings • What Is Compatibility View? Privacy Features The SmartScreen Feature Other Security Features Demonstration: How to Configure Internet Explorer
What Is Compatibility View? • None of the improvements in Internet Explorer 10 matter if websites look bad or work poorly • Compatibility View helps display a webpage as it is meant to be viewed
Privacy Features • InPrivate Browsing is inherently more secure than using Delete Browsing History to maintain privacy because there are no logs kept or tracks made during browsing • Tracking Protection helps monitor the frequency of all third-party content as it appears across all web sites visited by the user • Delete Browsing History enables users and organizations to selectively delete browsing history
Other Security Features • Per-user ActiveX makes it possible for standard users to install ActiveX controls in their own user profile, without requiring administrative privileges • Per-site ActiveX enables IT professionals to use Group Policy to preset allowed controls and their related domains • XSS Filter identifies and neutralizes a cross-site scripting attack if it is replayed in the server’s response • DEP/NX protection helps thwart attacks by preventing code from running in memory that is marked nonexecutable
Demonstration: How to Configure Internet Explorer In this demonstration, you will see how to: • Enable Compatibility View for all websites • Delete browsing history • Configure InPrivate browsing • View add-on management interface • Manage downloads with the download manager
Lab A: Configuring Internet Explorer Security • Exercise 1: Configuring Windows Internet Explorer Logon Information Virtual Machines 20687B-LON-DC1 20687B-LON-CL1 User Name Adatum\Administrator Password Pa$$w0rd Estimated Time: 15 minutes
Lab Scenario Holly Dickson is concerned about her users’ security settings when they are browsing the Internet, especially if they are browsing the Internet while connected to their customer’s networks. She has asked that you investigate improving the security settings on her users’ computers in Internet Explorer.
Lab Review • In the lab, you added the local intranet home page to the Trusted sites. How else could you have ensured that the required ActiveX controls did run?
Lesson 4: Configuring Application Restrictions in the Enterprise • What Is AppLocker? AppLocker Rules Demonstration: How to Configure AppLocker Rules Demonstration: How to Enforce AppLocker Rules
What Is AppLocker? • AppLocker is a security feature that enables you to specify exactly what applications are allowed to run on user desktops Benefits of AppLocker • Controls how users can access and run all types of applications • Ensures that user desktops are running only approved, licensed software
AppLocker Rules Create default AppLocker rules first, before manually creating new rules or automatically generating rules for a specific folder Default rules enable the following: • All users to run files in the default Program Files directory • All users to run all files signed by the Windows operating system • Members of the built-in Administrators group to run all files • Create custom rules and automatically generate rules using an AppLocker wizard found in the Local Security Policy Console
Demonstration: How to Configure AppLocker Rules In this demonstration, you will see how to: • Create new executable rule • Automatically generate Script rules
Demonstration: How to Enforce AppLocker Rules In this demonstration, you will see how to: • Enforce AppLocker Rules • Confirm the executable rule enforcement • Confirm the Script rule enforcement
Lab B: Configuring AppLocker • Exercise 1: Configuring AppLocker Rules Exercise 2: Testing the AppLocker Rules Logon Information Virtual Machines 20687B-LON-DC1 20687B-LON-CL1 User Name Adatum\Administrator Password Pa$$w0rd Estimated Time: 20 minutes
Lab Scenario Holly is concerned that people in her department are spending time listening to music files. She wants a way to disable the Windows Media® Player from running. You decide to implement AppLocker® to prevent members of the IT group from running this program.
Lab Review • In the lab, you configured an executable path for the executable rule. What could you do if you wanted to allow users to run an earlier version of Windows Media Player?
Module Review and Takeaways • Review Questions Tools Best Practice