Lead Image © Andrii IURLOV, 123RF.com

Advanced Windows security using EMET

Solid Defense

Article from ADMIN 29/2015
Although attacks on computers are numerous and varied, they are predominantly based on the same techniques. Microsoft closes these vulnerabilities on Windows computers using the Enhanced Mitigation Experience Toolkit (EMET).

Using Microsoft's Enhanced Mitigation Experience Toolkit (EMET) [1], you can prevent attackers from exploiting security gaps in the software that you have installed on Windows computers. The mitigation technologies it applies cannot completely eliminate security risks; instead, they limit damage and complement other security measures.

Such measures include installing the latest security updates, using Windows Firewall with Advanced Security, and using User Account Control (UAC). Additionally, EMET provides a configurable function for determining the trustworthiness of SSL certificates. This function aims to detect and prevent man-in-the-middle attacks.

Installing EMET

You can download EMET for free from Microsoft's website [2]. For use in companies, you have the option of distributing EMET using the System Center Configuration Manager (SCCM) or the software distribution functions of Active Directory's group policies (more on that later). The configuration of EMET can be automated using group policies and administrative templates (ADMX files). EMET supports all current versions of Windows. For clients, these are:

  • Vista SP2
  • 7 SP1
  • 8
  • 8.1

The tool supports the following versions on the Windows Server side:

  • 2003 SP2
  • 2008 SP2
  • 2008 R2 SP1
  • 2012
  • 2012 R2

On Windows Server 2003, a few limitations are described in the release notes and the EMET user guide, which are part of the EMET downloads. Read the user guide before using EMET, because it expands on the important configuration steps and provides an overview of the EMET protection technologies.

Centralized Rollout

For large-scale distribution of EMET, you can use SCCM, group policies, or any other method that is capable of distributing MSI packages. The steps for distributing the EMET application using SCCM are:

  • Create an application in the SCCM management console based on the MSI file from the EMET download (Figure 1).
  • Create an SCCM package and program.
  • Assign the package to an SCCM device collection or create a new device collection.

Figure 1: The Create Application wizard is used in distributing the EMET application.

The EMET user guide and the TechNet websites provide detailed information about distributing EMET using SCCM. Microsoft KB article 816102 [3] provides further information if you want to distribute EMET using group policies.

Once you have successfully distributed EMET in your network, you can centralize its configuration using group policies and administrative template files. Copy the files EMET.ADMX and EMET.ADML from the installation directory into the PolicyDefinitions directory on a domain controller or a workstation with the Remote Server Administration Tools (RSAT) installed. Then, to use the central store for group policies, copy the ADMX and ADML files into the PolicyDefinitions directory of the Active Directory domain's SYSVOL share.
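The copy into the SYSVOL PolicyDefinitions directory (the Group Policy central store) described above, as an added PowerShell example that is not part of the original article or Microsoft's documentation. The install directory, domain name, and language folder are placeholder assumptions; the example also places the ADML file in the per-language subfolder that the central store layout uses and requires PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example: publish the EMET policy templates to the Group Policy central store.
# Assumptions (not from the article): the three parameter defaults are placeholders.
param(
    [string]$EmetDir = 'C:\Program Files (x86)\EMET',  # placeholder install directory
    [string]$Domain  = 'example.test',                 # placeholder AD DNS domain name
    [string]$Culture = 'en-US'                         # language folder for the ADML file
)
$ErrorActionPreference = 'Stop'

# Locate both template files anywhere under the installation directory.
$admx = Get-ChildItem -Path $EmetDir -Recurse -Filter 'EMET.admx' | Select-Object -First 1
$adml = Get-ChildItem -Path $EmetDir -Recurse -Filter 'EMET.adml' | Select-Object -First 1
if (-not $admx -or -not $adml) {
    throw "EMET.admx or EMET.adml not found under $EmetDir"
}

# Central store layout: ADMX in PolicyDefinitions, ADML in a per-language subfolder.
$store   = "\\$Domain\SYSVOL\$Domain\Policies\PolicyDefinitions"
$langDir = Join-Path $store $Culture
if (-not (Test-Path $store)) {
    # Creating the central store changes where every admin's policy editor reads
    # templates from, so this script refuses to create it implicitly.
    throw "Central store $store does not exist; create it deliberately first."
}
New-Item -ItemType Directory -Path $langDir -Force | Out-Null

$plan = @(
    @{ Source = $admx.FullName; Target = (Join-Path $store   $admx.Name) },
    @{ Source = $adml.FullName; Target = (Join-Path $langDir $adml.Name) }
)
foreach ($item in $plan) {
    Copy-Item -Path $item.Source -Destination $item.Target -Force
    # Verify the copy: a truncated or stale template on SYSVOL affects every
    # administrator who edits the EMET policy settings.
    $src = (Get-FileHash -Path $item.Source -Algorithm SHA256).Hash
    $dst = (Get-FileHash -Path $item.Target -Algorithm SHA256).Hash
    if ($src -ne $dst) { throw "Hash mismatch after copying $($item.Source)" }
    Write-Output "Published $($item.Target) (SHA256 $dst)"
}
```

Run it from an account that has write access to SYSVOL; the printed hashes give you a record of exactly which template versions were published.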

EMET on the Command Line

The EMET_Conf.exe tool is available to administrators wanting to configure EMET on the command line. This approach does not, however, offer the full scope of the EMET GUI. Running EMET_Conf.exe without specifying configuration switches lists all available command-line options. You can determine which protection function should be active for an application in the application settings (Figure 2).

Figure 2: You can select which protection function should be active for an application.
