為了協助保護您的電腦免受電子郵件病毒使用軟體限制原則Use Software Restriction Policies to Help Protect Your Computer Against an Email Virus

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

本主題提供如何設定應用程式控制項原則來協助保護您的電腦免受與 Windows Server 2008 和 Windows Vista 的電子郵件病毒開始使用軟體限制原則 (SRP) 的資訊。This topic provides information how to set application control polices using Software Restriction Policies (SRP) to help protect your computer against e-mail virus beginning with Windows Server 2008 and Windows Vista.

簡介Introduction

軟體限制原則 (SRP) 是群組原則的功能辨識中加入網域的電腦上執行的軟體程式,以及控制執行這些程式的能力。Software Restriction Policies (SRP) is Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. 您可以使用軟體限制原則來建立高度限制的電腦,您可讓只專門辨識應用程式執行設定。You use software restriction policies to create a highly restricted configuration for computers, in which you allow only specifically identified applications to run. 這些整合在一起 Microsoft Active Directory Domain Services 及群組原則,但是您也可以在獨立的電腦上設定。These are integrated with Microsoft Active Directory Domain Services and Group Policy but can also be configured on stand-alone computers. 針對 SRP 的起點,請查看軟體限制原則For a starting point for SRP, see the Software Restriction Policies.

開始使用 Windows Server 2008 R2 和 Windows 7、 Windows AppLocker 可用於而不是或 SRP 搭配您的應用程式控制項策略的一部分。Beginning with Windows Server 2008 R2 and Windows 7 , Windows AppLocker can be used instead of or in concert with SRP for a portion of your application control strategy.

設定可協助抵禦電子郵件病毒的 SRPConfigure SRP to help protect against an e-mail virus

  1. 檢視軟體限制原則,以了解如何運作 SRP 最佳做法。Review the best practices for software restriction policies to understand how SRP works.

  2. 打開軟體限制原則。Open Software Restriction Policies.

  3. 如果您尚未定義軟體限制原則,建立新的軟體限制原則。If you have not previously defined software restriction policies, create new software restriction policies.

  4. 建立路徑規則執行電子郵件附件,您的電子郵件程式會使用的資料夾,然後將安全性設定層級到不允許]Create a path rule for the folder that your e-mail program uses to run e-mail attachments, and then set the security level to Disallowed.

  5. 指定規則適用於的檔案類型。Specify the file types to which the rule applies.

  6. 修改原則設定,讓使用者和群組您想要適用於:Modify policy settings so that they apply to the users and groups that you want:

  7. 測試原則。Test the policy.