Software Restriction Policies
In most organizations the majority number of employees runs the same applications and it is quite normal to find a list of approved applications. Apart, from disallowing standard users (non administrator privileges) to install any unapproved applications some IT policies dictate that some applications although required to be present on the computer for administration purposes, standard users are not allowed to execute them. For example, you may want to block admin scripts and specific DLLs from running. You can achieve this with help of Group Policies – Software Restriction Policies.
Categories: Security Tags: certificate, enforcement, Group Policy, hash, Local Group Policy, policy, Restriction, rules, Trusted Publishers certificate
Approving drivers that do not have a trusted certificate
If a device driver package is not signed with a trusted certificate then the user installing the driver needs administrative privileges to be able to complete the installation. You can allow ordinary users (non-administrator user accounts) to install specific drivers that do not have a trusted digital signature by adding them into the driver store. The driver store is a protected area that contains device drivers’ packages that have been approved for installation on the computer. Sometimes, this process is known as staging a driver package.
Categories: Devices Tags: device driver, digital signature, pnputil, staging, Trusted Publishers certificate