windows_applocker

Manage Windows Applocker

noma4i

noma4i

8,638 downloads

8,638 latest version

3.1 quality score

Version information

  • 0.2.0 (latest)
released Feb 9th 2015
This version is compatible with:
  • Puppet Enterprise 3.x
  • Puppet >= 3.3.0 < 4.0.0
  • Windows

Start using this module

Documentation

noma4i/windows_applocker — version 0.2.0 Feb 9th 2015

windows_applocker

Manage Windows Applocker policy.

Overview of Windows AppLocker

Available options

rule_type

  • path
  • hash
  • wildcard

action

  • Allow (default)
  • Deny

rule_id

  • Rule id MUST be uniq. Is used to check rule presence

identity

  • Everyone (default)
  • NT Identity name like: All, Administrator etc

app_path

  • Path

app_name

  • Application name, calculator.exe

app_sha256

  • Precalculated sha256 checksum

app_length

  • Precalculated app length in bytes

How to use

  windows_applocker { 'Default Rule Windows':
    rule_type => 'wildcard',
    rule_id => 100,
    app_path => '%WINDIR%\*',
  }
  windows_applocker { 'Default Rule Program Files':
    rule_type => 'wildcard',
    rule_id => 200,
    app_path => '%PROGRAMFILES%\*',
  }

  windows_applocker { 'Unlock WABMIG':
    rule_type => 'path',
    rule_id => 300,
    app_path => 'C:\Program Files\Windows Mail\wabmig.exe',
    app_name => 'wabmig.exe'
  }

  windows_applocker { 'Unlock WABMIG by hash':
    rule_type => 'hash',
    rule_id => 400,
    app_path => 'C:\Program Files\Windows Mail\wabmig.exe',
    app_name => 'wabmig.exe'
  }

  windows_applocker { 'Unlock WABMIG by PATH Mask':
    rule_type => 'wildcard',
    rule_id => 500,
    app_path => 'C:\Program Files\Windows Mail\*'
  }

  windows_applocker { 'Unlock WABMIG by KNOWN Hash':
    rule_type => 'hash',
    rule_id => 600,
    app_name => 'test.exe',
    app_sha256 => '6c383b5b1c396bdd1484d77d479ca5cb7ac30d8b8352b1975f8c9c59132562ac',
    app_length => '202020'
  }

  windows_applocker { 'Lock Regedit':
    rule_type => 'hash',
    rule_id => 600,
    app_path => '%WINDIR%\regedit.exe',
    app_name => 'regedit.exe',
    action => 'Deny'
  }