Gandalf_The_Grey
Level 82
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 7,189
A brief note to Windows administrators who still rely on Software Restriction Policies (SRP). This security feature has been deprecated since 2020, but is still supported in Windows 10. But Windows 11 version 22H2 will definitely put an end to the use of Software Restriction Policies – App-Locker should be used instead.
Software Restriction Policies (SRP) deprecated
Software Restriction Policies (SRP) are a mechanism, with which administrators in Windows could specify over guidelines, which software may be executed in the operating system. The Software Restriction Policies are already available since Windows Server 2003 and are currently (according to this Microsoft page) still available under the following server variants:
In addition, software restriction policies are supported in Windows clients (Windows 7, Windows 8.1, Windows 10, Windows 11 21H1). I still read (also within my German blog in user comments) some recommendations to use software restriction policies to harden the system.
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
However, Microsoft had already discontinued the Software Restriction Policies (SRP) in June 2020 (see my blog post Windows 10 Version 2004: Deprecated/removed features). Microsoft already wrote about Windows 10 version 1803:
Software Restriction Policies in Group Policy: Instead of using the Software Restriction Policies through Group Policy, you can use AppLocker or Windows Defender Application Control to control which apps users can access and what code can run in the kernel.
The Microsoft article Deprecated features for Windows client, which was last updated on November 2, 2022, also lists the Software Restriction Policies as deprecated. Until now, however, Software Restriction Policies (SRP) were still supported in Windows 10 as well as Windows 11 version 21H1. But with the discontinuation, administrators should have long been warned that this security feature will eventually fail.
SRP in Windows 11 22H2 without function
I just came across this on Twitter via the following Tweet from Will Dormann that Microsoft now has removed Software Restriction Policies (SRP).
Will Dormann writes that the list of Windows security/defense measures that seem to do nothing is now quite long. A new addition is the Software Restriction Policies (SRP), which don't seem to do anything as of Windows 11 22H2. He concludes by saying, "Hopefully no one relies on this feature!". I assume that the blog readers has long been aware and has said goodbye to Software Restriction Policies. If not, keep this trap in mind when using Windows 11. Let's see when the feature is removed from Windows 10.
Windows 11 22H2 no longer supports Software Restriction Policies (SRP)
[German]A brief note to Windows administrators who still rely on Software Restriction Policies (SRP). This security feature has been deprecated since 2020, but is still supported in Windows 10. But Windows 11 version 22H2 will definitely put an end to the use of Software Restriction Policies - App-L
borncity.com