
Windows Server 2012 : Planning, implementing, and managing Group Policy (part 6) - Advanced Audit Policy Configuration

7/14/2014 4:22:16 AM

User Account Control

User Account Control (UAC) settings are a subset of the Security Options settings described in the previous section. There are ten policies that you can use to configure the behavior of UAC on computers targeted by Group Policy, and these policies are the same as those in Windows 7 and Windows Server 2008 R2.

One thing that has changed in Windows 8 and Windows Server 2012 is that it is no longer possible to completely disable UAC on the computer. This is because the infrastructure that supports running Windows 8 apps requires UAC. As a result, disabling UAC is no longer supported on Windows 8.

Audit Policy

Policies for basic auditing, which are found under Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Audit Policy, allow you to audit account logon events, privilege use, and other user or system activity.

Advanced Audit Policy Configuration

Policies for advanced auditing, which are found under Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration, perform auditing functions similar to those performed by the basic audit policies found under Local Policies\Audit Policy. However, the advanced audit policies allow you to be more selective about the number and types of events you want to audit. For example, while basic audit policy provides a single setting for auditing account logons, advanced audit policy provides four separate settings for this purpose.

One new type of advanced audit policy (Audit Removable Storage) is shown in Figure 5. This new policy provides you with the ability to track the usage of removable storage devices. If this policy is enabled in a GPO that targets users, an audit event is generated each time a user attempts to access a removable storage device. Two types of audit events are logged by this policy:

  • Success audits (Event 4663) record successful attempts to write to or read from a removable storage device.

  • Failure audits (Event 4656) record unsuccessful attempts to access removable storage device objects.

Figure 5. The new Audit Removable Storage policy.
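
To check that the Audit Removable Storage policy is in effect on a computer and to review what it has logged, the following PowerShell can be used. It is an added example, not part of the original article. It assumes an elevated session on the audited computer and an English-language system (the "Removable Storage" subcategory and task category names are matched as English text); the seven-day window is an arbitrary choice.

```powershell
# Added example: confirm the Removable Storage audit setting and review its events.
# Run from an elevated PowerShell session on the audited computer.

# 1. Effective setting for the subcategory (English subcategory name assumed).
auditpol /get /subcategory:"Removable Storage"

# 2. Pull the two event IDs named above from the Security log (last 7 days).
$filter = @{ LogName = 'Security'; Id = 4663, 4656; StartTime = (Get-Date).AddDays(-7) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    # The same IDs are written by other object-access auditing as well, so keep
    # only records in the Removable Storage task category (English name assumed).
    Where-Object { $_.TaskDisplayName -eq 'Removable Storage' }

# 3. Flatten the named <Data> fields of each event into one object per record.
$records = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        # Read success/failure from the audit keyword bit on the record itself
        # (0x10000000000000 = Audit Failure) rather than inferring it from the ID.
        Result  = if ($e.Keywords -band 0x10000000000000) { 'Failure' } else { 'Success' }
        User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Object  = $data['ObjectName']
        Process = $data['ProcessName']
        Access  = $data['AccessMask']
    }
}

# 4. Per user: how many removable-storage events, how many denied, and the latest one.
$records | Group-Object User | ForEach-Object {
    [pscustomobject]@{
        User     = $_.Name
        Events   = $_.Count
        Failures = @($_.Group | Where-Object Result -eq 'Failure').Count
        LastSeen = ($_.Group | Sort-Object Time | Select-Object -Last 1).Time
    }
} | Sort-Object Events -Descending | Format-Table -AutoSize
```

The $records collection keeps the object path and process name for each event, so it can be exported with Export-Csv for closer review of a specific user or device.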

AppLocker

AppLocker can be used to control which applications and files users can run on their computers. AppLocker was introduced in Windows 7 and Windows Server 2008 R2, and its policies are found under Computer Configuration\Policies\Windows Settings\Security Settings\Application Control Policies\AppLocker.

Software Restriction Policies

The Software Restriction Policies (SRP) feature was introduced in Windows XP and Windows Server 2003 to provide administrators with a policy-driven mechanism to identify programs running on machines in a domain and to control how those programs can execute. SRP settings are found under both Computer Configuration\Policies\Windows Settings\Security Settings and User Configuration\Policies\Windows Settings\Security Settings. SRP is similar to AppLocker but has more limited functionality.

With the introduction of AppLocker in Windows 7 and Windows Server 2008 R2, you should now use AppLocker instead of SRP if all your client computers are running Windows 7 or later. Organizations that include a mix of Windows 8, Windows 7, and older Windows clients, however, can use a combination of AppLocker and SRP to lock down their desktop application environments.

Configuring Windows Firewall with Advanced Security

Windows Firewall with Advanced Security provides host-based, two-way network traffic filtering for Windows client and server operating systems. Windows Firewall with Advanced Security was introduced in Windows Vista and Windows Server 2008. Windows Firewall with Advanced Security policies are found under Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security.
