Create Group Policy to Whitelist Applications

Create Group Policy to Whitelist Applications

Create Group Policy to Whitelist Applications – Ransomware prevention

 

Recommended to test Whitelisting in a test environment before deploying in production environment. Purpose is to Block Ransomware, Block Java Updates You will need to manually add Whitelist entries for each new Java Update you wish to install

Go to https://java.com/en/download/

Take note of the latest Java Version (eg, 8u301)

Login to your to a server that can Access/Create/Edit Group Policy objects

Open the run command, type in gpmc.msc – Click OK

 

Right click on the Organizational Unit you wish add the Whitelist to, Select the first option.

(Create GPO)

Enter a name for the Whitelist, Click OK (i.e CryptoLocker/Ransomware Prevention)

Link the newly create GPO to any other Organizational Units you want to be added to the GPO.

(eg. Right click on Computers OU, ‘select Link an Existing GPO…’ then select the new GPO)

Right click on the GPO, click Edit…

Drill down in; Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Software Restriction Policies

Right click on Software Restriction Policies, Select the first option

Right click on Additional Rules, Select New Path Rule…

Enter the following path: %localAppData%\*\*.exe

Security Level = Disallowed

Click OK

Create Additional Path Rules for the following paths:

%localAppData%\*.exe

%AppData%\*.exe

%AppData%\*\*.exe

%Temp%\*.zip\*.exe

%Temp%\7z*\*.exe

%Temp%\Rar*\*.exe

%Temp%\wz*\*.exe

Your list should look like this:

Exit out of Group Policy Editor.

Create another GPO called Cryptolocker/Ransomware – Whitelist Allow (Link to same OU’s as previous GPO)

Right click on the GPO, click Edit…

Drill down in; – Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Software Restriction Policies

Right click on Software Restriction Policies, Select the first option

Right click on Additional Rules, Select New Path Rule…

Under ‘Path:’ enter the path of the Java Installer you wish to allow:

%localappData%\temp\jre-8u301-windows-i586-iftw.exe

 

Depending on which version of Java you are updating, replace ‘8u91’ with the version you want to allow.

Set Security Level to ‘Unrestricted’

Enter an appropriate description name.

Click OK.

Verify that new Path Rule has been added to Whitelist.

Close GPO Editor.

Refresh Group policy Management

Go down to the Whitelisting Çryptolocker/Ransomware – Whitelist Allow GPO, click on it once

In the window on the right select ‘Settings’ from the tabs.

Drill down to; Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Software Restriction Policies/Additional Rules

Verify that new Path rule is shown in Policy List.

Exit Group Policy Management.

 

Go to a machine what is linked to the GPO to test whitelist.

Run Java Updater/Installer

Note the successful installation of Java

If fails = Perform forced Update to GPO

From Administrative Command Prompt,

gpupdate /force

 

 

iDRAC – Unable to launch application error

iDRAC – Unable to launch application error

iDRAC – Unable to launch application error

You may come across an issue when trying to access the iDRAC virtual console.
When attempting to launch iDRAC virtual console you may get the following error.

If you click Details
it may something about a certificate issue.
Click Close, exit out of the iDRAC Java applet

 

The java.security file will need to be edited to allow SSL certificates lower than 1024 bits encryption.

Navigate to C:\Program Files (x86)\Java\<version>\lib\security\
Right click on the java.security file and Open With Notepad

Search for the string (CTRL +F) named
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

Once found, put a hashtag (#) infront of it to disable this setting

Save the java.security file to the Desktop as it will not let you directly save it to the current file path.
Once saved drag and drop the java.security file from the Desktop into the Java path you were previously in.
C:\Program Files (x86)\Java\<version>\lib\security\

Overwrite the current java.security file

Go back into the iDRAC and download a new Virtual Console Java applet.
You should no longer have the error message that was being displayed.

 

YOU MAY NEED TO PORT FORWARD PORT 5900 TCP if having ‘Connection has been dropped’ issue