System Lock Down Policy
Need Suggestions on below.
1. In ADC , there is no option to block a file based on digital signature.
2. There is should be an option to add SCCM , AD , WSUS servers as whitelist in ADC - System lock down policy
We cannot add a finger print value manually everytime when the hotfix/patches are released from MS.
There should be an option or way to whitlist the above server and allow the windows patches and SCCM jobs on a system lock down machine.
3. When Finger Print DB is prepared from a machine ( WIndows 7 -32 bit ) the same finger print cannot be used on a different machine with same OS.
We cannot prepare finger print DB on every single machine. Dynamic Whilisting approach would be the best way in System Lock Down Policy.
Any ideas would be helpful.