About system lockdown

Article:HOWTO27322

Created: 2010-01-08

Updated: 2010-01-15

Article URL http://www.symantec.com/docs/HOWTO27322

Article Type
How To

Product(s)

Show all

Environment

Show all

CLOSE X

Windows Server 2008
Web Edition (x86) SP2, Web Edition (x86), Web Edition (x64) SP2, Web Edition (x64), Standard (x86-32bit) SP2, Standard (x86-32bit), Standard (x64-64bit) SP2, Standard (x64-64bit), Server Core, Enterprise (x86-32bit) SP2, Enterprise (x86-32bit), Enterprise (x64-64bit) SP2, Enterprise (x64-64bit), DataCenter (x86-32bit) SP2, DataCenter (x86-32bit), DataCenter (x64-64bit) SP2, DataCenter (x64-64bit)

Windows Server 2008 R2
WebServer (x64-64bit), Standard (x64-64bit), Enterprise (x64-64bit), DataCenter (x64-64bit)

VMWare ESX
4.0, 3.5 U4, 3.5 U3, 3.5 U2, 3.5 U1, 3.5, 3.0.2, 3.0.1, 3.0, 2.5

Windows XP
Pro 5.1 SP3, Pro 5.1 SP2, Pro 5.1 SP1, Pro 5.1 64 bit SP3, Pro 5.1 64 bit SP2, Pro 5.1 64 bit SP1, Embedded SP3, Embedded SP2, Embedded SP1

Windows Vista
Ultimate RC2, Ultimate (x86) 6.0.6000, Ultimate (x64) 6.0.6000, Starter (x86) 6.0.6000, RC2, Home RC2, Home Premium RC2, Home Premium (x86) 6.0.6000, Home Premium (x64) 6.0.6000, Home Basic (x86) 6.0.6000, Home Basic (x64) 6.0.6000, Enterprise RC2, Enterprise 6.0.6000, Business RC2, Business (x86) 6.0.6000, Business (x64) 6.0.6000

Windows Small Business Server 2008
Standard Edition, Premium Edition

Windows Server 2003 R2
Web Edition (x86), Web Edition (x64), Storage Server Edition (x86), Storage Server Edition (x64), Standard Edition (x86), Standard Edition (x64), Enterprise Edition (x86), Enterprise Edition (x64), Datacenter Edition (x86), Datacenter Edition (x64)

GSX Server for Windows
3.2

Windows Server 2003
Web Server, Web Edition SP2, Web Edition SP1, Storage Server SP2, Storage Server SP1, Storage Server (x64) SP2, Storage Server (x64) SP1, Storage Server (x64), Storage Server, Standard Server(x64), Standard Server SP2 (x64), Standard Server SP2, Standard Server SP1 (x64), Standard Server SP1, Standard Server, Enterprise SP2(x64), Enterprise SP2, Enterprise SP1(x64), Enterprise SP1(IA64), Enterprise ServerSP1, Enterprise Server, Enterprise (x64), Enterprise (IA64), Datacenter SP2(x64), DataCenter SP2

VMware Workstation
6.5, 6.0, 5.0

Windows Small Business Server 2003
Standard Edition

Windows Fundamentals for Legacy PCs
5.1 SP3

Languages

Show all

About system lockdown

System lockdown is a protection setting that you can use to control the applications that can run on the client computer. You can create a file fingerprint list that contains the checksums and the locations of all the applications that are authorized for use at your company. The client software includes a Checksum.exe tool that you can use to create a file fingerprint list. The advantage of system lockdown is that it can be enforced whether or not the user is connected to the network.

You can use system lockdown to block almost any Trojan horse, spyware, or malware that tries to run or load itself into an existing application. For example, you can prevent these files from loading into Internet Explorer. System lockdown ensures that your system stays in a known and trusted state.

Applications that run on the client computer can include the following executable files:

.exe
.com
.dll
.ocx

Symantec recommends that you implement system lockdown in the following stages:

Get an approved software image	Create a software image that includes all of the applications you want users to be able to use on their computers. Use this image to create a file fingerprint list.
Log unapproved applications	Enable system lockdown by logging the applications that are not included in the file fingerprint list. You can then adjust your file fingerprint to include the required applications of users. You can give them appropriate warning before blocking unapproved applications.
Add allowed applications	Add the executables that you want to be allowed even if they are not in the file fingerprint list.
Enable system lockdown	Enforce system lockdown and block unapproved applications.

You have the option to define a custom message to display to users who have blocked applications.

See System lockdown prerequisites.

See Setting up system lockdown.

About authorizing the use of applications, patches, and utilities

Legacy ID

349680

Article URL http://www.symantec.com/docs/HOWTO27322

About system lockdown

About system lockdown

Legacy ID

Please Sign In

Knowledge Base Search

Knowledge Base Search

MySymantec

MySymantec

Contacting Support

Contacting Support