* Updated 4/5/10 with clearer instructions for step 1*
In my last blog, I gave an overview of how AppLocker can help you lock down what applications can run on your Windows Embedded Standard 7 device. To demonstrate how AppLocker works, I’ll walk through an example of how to create a rule to block Internet Explorer from running. Here’s how, step by step:
1. AppLocker can be configured through wizards in the Local Group Policy Editor, which you can start by running “gpedit.msc”. AppLocker is located under “Computer Configuration -> Windows Settings -> Security Settings -> Application Control Policies” in that window. Navigate to the Executable Rules option in the navigation on the left. In the Action menu, click Create New Rule.
Comments Product Updates
*Updated 3/25/10- removed section "Types of Service Packs" , added section "Service Packs and Distribution Share"*
This article discusses Service Packs and how they will be used in Windows Embedded Standard 7.
What is a Service Pack?
A common requirement for Windows Embedded Standard 7 devices is controlling what applications can run on the system. If the device only runs your own custom application, such as a kiosk or set-top box, then you might want to ensure that no other applications could be run to break out of the experience. If the device runs a more open shell, such as thin clients, you may want to restrict the set of applications that are allowed to run.
Since Windows Embedded Standard 7 is based on Windows 7, we can leverage a new technology that has been introduced: AppLocker. AppLocker builds and improves on Software Restriction Policies (SRPs) to allow for easy and flexible application lockdown. You can find a thorough summary of AppLocker at its Executive Overview and other articles around the web, but I will offer some highlights and an example. Some of its features are:
As has been announced previously on this blog, the Release Candidate (RC) build of Windows Embedded Standard 7 is now available. You can download this RC from Microsoft Connect (https://connect.microsoft.com/windowsembedded). I would encourage you to download the RC build, create and deploy some OS images, and let us know what you think.
For both the products that I am currently working on and the products I am excited to begin using, the different builds mean different things to me:
*Updated formatting - 4/13/10*
This is the second blog in a series of articles which discusses the troubleshooting and diagnosis of driver installation issues in Windows Embedded Standard 7 (Standard 7). Previously we presented the different phases of setup and a brief introduction to SetupAPI logging and the SetupAPI.dev.log file. We will now start off with the format of the SetupAPI.dev.log file.