Logging Software Restriction Policy software

This post is a request from the Jimmy T's Lockdown - Warden of your Microsoft Domain session.

In re: creating a log of the software used in your domain for your Software Restriction Policy (SRP) - whitelisting policy, I was asked to share our process. I spoke to my colleague who headed up this project, and here's what he had in his notes:

  • Build an SRP GPO and set it to Explicit Allow so that users aren't hindered while you're collecting
  • Identify the users to be captured and apply GPO. Don't necessarily need everyone, e.g. if some people have the same PC image
  • Set SRP logging to verbose via registry as outlined by this link: Verify Software Restriction Policy.
    • I remember we had to do this in small batches - depending on your environment, this can output a whole lot of data pretty fast.
  • Use basic PowerShell concatenation and filtering methods to...
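
One way to do the concatenation and filtering step, as an added example and not the script from the colleague's notes. It assumes log lines in the format SRP writes once the LogFileName registry value is set; the sample lines, GUIDs and the commented share path are constructed.

```powershell
# Constructed sample lines standing in for the collected SRP logs. In practice:
#   $lines = Get-ChildItem '\\server\share\srp-logs\*.log' | Get-Content   # hypothetical path
$lines = @(
    'explorer.exe (PID = 4728) identified C:\Windows\system32\notepad.exe as Unrestricted using path rule, Guid = {00000000-0000-0000-0000-000000000001}'
    'explorer.exe (PID = 5120) identified C:\Windows\System32\notepad.exe as Unrestricted using path rule, Guid = {00000000-0000-0000-0000-000000000001}'
    'cmd.exe (PID = 2204) identified C:\Users\alice\AppData\Local\Vendor\updater.exe as Unrestricted using default rule, Guid = {00000000-0000-0000-0000-000000000002}'
    'cmd.exe (PID = 3310) identified C:\Users\bob\AppData\Local\Vendor\updater.exe as Unrestricted using default rule, Guid = {00000000-0000-0000-0000-000000000002}'
    'this line is truncated and should be reported, not silently dropped'
)

# <parent> (PID = n) identified <path> as <level> using <rule type>, Guid = {guid}
$pattern = '^(?<Parent>.+?) \(PID = (?<ParentPid>\d+)\) identified (?<Path>.+) ' +
           'as (?<Level>.+?) using (?<RuleType>.+?), Guid = (?<Guid>\{[0-9a-f-]+\})\s*$'

$records = foreach ($line in $lines) {
    if ($line -match $pattern) {
        # Lower-case and collapse per-user profile folders so the same program
        # seen under different accounts becomes a single inventory entry.
        $path = $Matches.Path.ToLowerInvariant() -replace '^c:\\users\\[^\\]+\\', '%userprofile%\'
        [pscustomobject]@{
            Parent   = $Matches.Parent
            Path     = $path
            Level    = $Matches.Level
            RuleType = $Matches.RuleType
            Guid     = $Matches.Guid
        }
    } else {
        Write-Warning "Unparsed SRP log line: $line"
    }
}

# One row per distinct executable, with how often it ran and what launched it.
$inventory = $records | Group-Object Path | ForEach-Object {
    [pscustomobject]@{
        Count    = $_.Count
        Path     = $_.Name
        RuleType = ($_.Group.RuleType | Sort-Object -Unique) -join ';'
        Parents  = ($_.Group.Parent   | Sort-Object -Unique) -join ';'
    }
} | Sort-Object Count -Descending

$inventory | Format-Table -AutoSize

# Entries matched only by the default rule have no explicit rule covering them
# yet; these are the ones to review before the policy is tightened.
$inventory | Where-Object RuleType -eq 'default rule' | Select-Object Path, Count, Parents
```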

