Downloads:

591

Downloads of v 2.2.0.0:

138

Last Update:

1/13/2019

Package Maintainer(s):

Software Author(s):

  • IWR Consultancy

Tags:

iwr software restriction policy admin

Simple Software Restriction Policy (Install)

2.2.0.0 | Updated: 1/13/2019

Downloads:

591

Downloads of v 2.2.0.0:

138

Maintainer(s):

Software Author(s):

  • IWR Consultancy

Simple Software Restriction Policy (Install) 2.2.0.0

All Checks are Passing

2 Passing Test


Validation Testing Passed


Verification Testing Passed

Details

To install Simple Software Restriction Policy (Install), run the following command from the command line or from PowerShell:

>

To upgrade Simple Software Restriction Policy (Install), run the following command from the command line or from PowerShell:

>

To uninstall Simple Software Restriction Policy (Install), run the following command from the command line or from PowerShell:

>

NOTE: This applies to both open source and commercial editions of Chocolatey.

1. Ensure you are set for organizational deployment

Please see the organizational deployment guide

  • Open Source or Commercial:
    • Proxy Repository - Create a proxy nuget repository on Nexus, Artifactory Pro, or a proxy Chocolatey repository on ProGet. Point your upstream to https://chocolatey.org/api/v2. Packages cache on first access automatically. Make sure your choco clients are using your proxy repository as a source and NOT the default community repository. See source command for more information.
    • You can also just download the package and push it to a repository Download

3. Enter your internal repository url

(this should look similar to https://chocolatey.org/api/v2)

4. Choose your deployment method:


choco upgrade simple-software-restriction-policy -y --source="'STEP 3 URL'" [other options]

See options you can pass to upgrade.

See best practices for scripting.

Add this to a PowerShell script or use a Batch script with tools and in places where you are calling directly to Chocolatey. If you are integrating, keep in mind enhanced exit codes.

If you do use a PowerShell script, use the following to ensure bad exit codes are shown as failures:


choco upgrade simple-software-restriction-policy -y --source="'STEP 3 URL'" 
$exitCode = $LASTEXITCODE

Write-Verbose "Exit code was $exitCode"
$validExitCodes = @(0, 1605, 1614, 1641, 3010)
if ($validExitCodes -contains $exitCode) {
  Exit 0
}

Exit $exitCode

- name: Ensure simple-software-restriction-policy installed
  win_chocolatey:
    name: simple-software-restriction-policy
    state: present
    version: 2.2.0.0
    source: STEP 3 URL

See docs at https://docs.ansible.com/ansible/latest/modules/win_chocolatey_module.html.

Coming early 2020! Central Managment Reporting available now! More information...


chocolatey_package 'simple-software-restriction-policy' do
  action    :install
  version  '2.2.0.0'
  source   'STEP 3 URL'
end

See docs at https://docs.chef.io/resource_chocolatey_package.html.


Chocolatey::Ensure-Package
(
    Name: simple-software-restriction-policy,
    Version: 2.2.0.0,
    Source: STEP 3 URL
);

Requires Otter Chocolatey Extension. See docs at https://inedo.com/den/otter/chocolatey.


cChocoPackageInstaller simple-software-restriction-policy
{
   Name     = 'simple-software-restriction-policy'
   Ensure   = 'Present'
   Version  = '2.2.0.0'
   Source   = 'STEP 3 URL'
}

Requires cChoco DSC Resource. See docs at https://github.com/chocolatey/cChoco.


package { 'simple-software-restriction-policy':
  provider => 'chocolatey',
  ensure   => '2.2.0.0',
  source   => 'STEP 3 URL',
}

Requires Puppet Chocolatey Provider module. See docs at https://forge.puppet.com/puppetlabs/chocolatey.


salt '*' chocolatey.install simple-software-restriction-policy version="2.2.0.0" source="STEP 3 URL"

See docs at https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.chocolatey.html.

5. If applicable - Chocolatey configuration/installation

See infrastructure management matrix for Chocolatey configuration elements and examples.

This package was approved by moderator gep13 on 1/14/2019.

Description


choco://simple-software-restriction-policy
To use choco:// protocol URLs, install (unofficial) choco:// Protocol support


![Screenshot of Simple Software Restriction Policy] (https://iwrconsultancy.co.uk/img/ssrp-desktopwindow.jpg)

Ransomware is one of the most serious security issues to ever hit the IT industry. A key reason for its severity is that its payload is largely unhindered by traditional security measures such as limited user working or signature-based antivirus scanning.

In order to counteract ransomware, we need to look to entirely different security strategies. An important component of such a strategy can be the implementation of a Software Restriction Policy.

In essence, a Software Policy lays down rules about where on disk programs can be run from. Thus, programs in 'Program Files' will be given the OK, but programs in 'Downloads' will not. Since this defensive mechanism does not rely on identifying a given program as malicious, it is in principle effective against all strains of malware.

Software Restriction Policies are in fact a part of Group Policy, and have been around since the introduction of Windows XP. Thus they are nothing new, although they have been largely overlooked by both IT admins and home users until now.

One of the reasons for the low uptake has undoubtedly been that the Group Policy Editor controls for Software Policies are neither very convenient nor very easy to use. Even after you've figured out what is a very complex set of controls, you are faced with the issue that you cannot easily turn the policy on or off.

Our Simple Software Restriction Policy utility overcomes that. As the name suggests, it turns a complex piece of group policy editing into a simple matter of installing the utility and selecting a few options. What's more, if you need to suspend the policy, that is only a few clicks away and it takes effect immediately, no reboot needed.

A SRP has other advantages besides hardening the computer against malware. For example, it allows you to control the launching of programs from USB key or DVD, other routes by which unwanted software may find its way onto your computer.

Perhaps one of the best features of SSRP is that during normal use of the computer you hardly know it's there. No screen dimming, no continual nags. About the only time you need to interact with it, is if installing or removing software. In which case you can allow yourself 30 minutes to do the work, after which the policy will reinstate itself.

SSRP also offers a means of launching specified programs with limited rights. On legacy systems where the standard user is an Admin, this can very usefully restrict the damage that a compromised Web browser or email client can do to the system. (This feature is turned off by default since later Windows versions have their own means of achieving this, UAE. )

PACKAGE NOTES


Click here to Patreon-ize the package maintainer.



tools\ChocolateyInstall.ps1
$ErrorActionPreference = 'Stop'
$packageName = 'simple-software-restriction-policy'
$toolsDir    = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$url         = "$toolsDir\SoftwarePolicy220Setup.exe"
$checksum    = 'A5D6A2D8CE5F8F80D7CAA54509B8BB30C8483002FC6D7A084391F14C89C92F0A'
 
$packageArgs = @{
  packageName   = $packageName
  unzipLocation = $toolsDir
  fileType      = 'EXE'
  url           = $url
  checksum      = $checksum
  checksumType  = 'sha256'
  silentArgs    = '/VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-'
  softwareName  = 'Software Policy*'
}
 
Install-ChocolateyPackage @packageArgs
Remove-Item $toolsDir\*.exe -Force | Out-Null
tools\LICENSE.txt
==================== Simple Software Restriction Policy ====================

https://iwrconsultancy.co.uk/softwarepolicy

Legal:
As ever, you use this system-level utility entirely at your own risk. Various forms of disaster are not excluded from the list of possible outcomes of its incorrect use. Or, even of its correct use.

This software may be duplicated any number of times, and used in private or commercial IT operations. The software may not be sold for profit in any shape or form. Third-party websites and P2P hosts may offer copies for download so long as these conditions are met.

The source code and executables of this software are released under the GNU Public License, version 3. Icons and other graphics remain the intellectual property of IWR Consultancy, and may not be used in derivative works without permission.

Thanks are due to the members of the AutoIt coding team at autoitscript.com for the programming language itself, and to various contributors for the library routines which have saved a great deal of work.

It is not necessary to supply source code with every downloaded copy, so long as a link to the publisher's website is included in some form or other at the download location.


From: Ian Macdonald [mailto:[email protected]] 
Sent: Saturday, October 1, 2016 1:34 AM
To: bcurran3
Subject: Re: IWRC Website Enquiry

Not met this package manager, but you can roll SSRP out using a silent install option anyway. 

There have been suggestions from site admins that  central adminstration of policies would be useful, and this is maybe something we'll look into. 

We don't offer direct download links. The present setup is designed to keep robots out, a protection which has unfortunately become necessary. Basically when you click the link, a php script runs that does various checks  before allowing you to download the file. 

There is no restriction on hosting a copy elsewhere, though. 

Regards, Ian. 

==================== Simple Software Restriction Policy ====================
tools\SoftwarePolicy220Setup.exe
md5: 3E2A28E0FA2F638366406F1197FAEB9C | sha1: A53E22EB01D58ABE2653554BF7C859ECF98E10B7 | sha256: A5D6A2D8CE5F8F80D7CAA54509B8BB30C8483002FC6D7A084391F14C89C92F0A | sha512: C2658FA71C833FB1872517D3389C41B406F8C8CC756D2AFE718D1887FD1586C9F8B012373989257B234F1728CC027A64121690E85C48335D731F1580BCF82AD3
tools\VERIFICATION.txt
==================== Simple Software Restriction Policy ====================

https://iwrconsultancy.co.uk/downloads.htm

SoftwarePolicy220Setup.exe

Current version 2.2.0.0 Setup. 1568502 bytes. Released 19/10/2018. VirusTotal Report 
SHA256: A5D6A2D8CE5F8F80D7CAA54509B8BB30C8483002FC6D7A084391F14C89C92F0A

==================== Simple Software Restriction Policy ====================

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.

Version Downloads Last Updated Status
Simple Software Restriction Policy (Install) 2.1.0.0 453 Saturday, October 1, 2016 Approved

This package has no dependencies.

Discussion for the Simple Software Restriction Policy (Install) Package

Ground Rules:

  • This discussion is only about Simple Software Restriction Policy (Install) and the Simple Software Restriction Policy (Install) package. If you have feedback for Chocolatey, please contact the Google Group.
  • This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
  • The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
  • Tell us what you love about the package or Simple Software Restriction Policy (Install), or tell us what needs improvement.
  • Share your experiences with the package, or extra configuration or gotchas that you've found.
  • If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.
comments powered by Disqus