Support Device Guard and AppLocker
I'd like the ability to lock down and audit Nano Server equally effectively as my Win 10 hosts. With its dramatically reduced attack surface, Nano Server has the potential to be much more easily defendable assuming it has supported roles to do so.
[Deleted User] commented
Re. Applocker, I would like to enforce DLL whitelisting and whitelist only those modules that are signed by Microsoft or loaded from specific, privileged directories.
Daniel Sutton commented
Support the idea of device guard but applocker would be over kill in my opion. Whats apps would it actually be blocking?