Software Restriction Policies (SRP) was originally designed in Windows XP and Windows Server 2003 to help IT professionals limit the number of applications that would require administrator access. With the introduction of User Account Control (UAC) and the emphasis on standard user accounts in Windows Vista, fewer applications today require administrator privileges. As a result, AppLocker was introduced to expand the original goals of SRP by allowing IT administrators to create a comprehensive list of applications that should be allowed to run.
The following table compares AppLocker to SRP:

| Feature | Software Restriction Policies | AppLocker |
| --- | --- | --- |
| Rule scope | Specific user or group (per GPO) | Specific user or group (per rule) |
| Rule conditions provided | File hash, path, certificate, registry path, and Internet zone rules | File hash, path, and publisher rules |
| Rule types provided | Allow and deny | Deny |
| Default rule action | Allow and deny | Deny |
| Audit-only mode | No | Yes |
| Wizard to create multiple rules at one time | No | Yes |
| Policy import or export | No | Yes |
| Rule collection | No | Yes |
| PowerShell support | No | Yes |
| Custom error messages | No | Yes |
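
The AppLocker-only rows for policy export, rule collections, audit-only mode and PowerShell support can be seen together in one short session. This is an added example, not part of the original FAQ; it uses the built-in AppLocker cmdlets, and the export path and the tested folder are assumptions chosen for illustration.

```powershell
# Added example (not from the TechNet article). Run in an elevated
# Windows PowerShell session on a system with the AppLocker module.
Import-Module AppLocker

# Assumed values for this example: where to save the export and what to test.
$exportPath = Join-Path $env:TEMP 'applocker-effective.xml'
$testFiles  = "$env:SystemRoot\System32\*.exe"

# Policy export: the effective policy (local policy merged with GPOs) as XML.
$policyXml = Get-AppLockerPolicy -Effective -Xml
$policyXml | Out-File -FilePath $exportPath

# Rule collections: each collection (Exe, Msi, Script, Dll, ...) carries its
# own enforcement mode: NotConfigured, AuditOnly or Enabled.
$doc = [xml]$policyXml
$doc.SelectNodes('/AppLockerPolicy/RuleCollection') |
    Select-Object @{ Name = 'Collection';  Expression = { $_.GetAttribute('Type') } },
                  @{ Name = 'Enforcement'; Expression = { $_.GetAttribute('EnforcementMode') } },
                  @{ Name = 'RuleCount';   Expression = { $_.SelectNodes('*').Count } } |
    Format-Table -AutoSize

# PowerShell support: evaluate files against the exported policy without
# enforcing anything, and list only those that no rule would allow.
Test-AppLockerPolicy -XmlPolicy $exportPath -Path $testFiles -User Everyone |
    Where-Object { $_.PolicyDecision -ne 'Allowed' } |
    Select-Object FilePath, PolicyDecision, MatchingRule |
    Format-Table -AutoSize

# Audit-only mode: event ID 8003 records executables that were allowed to run
# but would have been blocked if the rules were enforced.
$auditFilter = @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8003
}
Get-WinEvent -FilterHashtable $auditFilter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

Reviewing the 8003 events while a collection is still in `AuditOnly` shows which legitimate applications still need allow rules before the collection is switched to `Enabled`.
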
For more information, visit the AppLocker resource pages on Microsoft.com:
http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx
Note: The above content is taken from the TechNet article “AppLocker: Frequently Asked Questions” at:
http://technet.microsoft.com/en-us/library/ee619725(v=WS.10).aspx#BKMK_SRPdifferences.
