AWS appstream2 documentation change
Summary
Updated product name references from 'AppStream 2.0' to 'WorkSpaces Applications' throughout the document. Security guidance about application controls, permissions, and policies remains unchanged except for branding.
Security assessment
The changes are purely branding updates (AppStream 2.0 → WorkSpaces Applications) with no modifications to security recommendations or vulnerability disclosures. The existing security guidance about application whitelisting, permission management, and policy configuration remains identical except for the product name replacement.
Diff
diff --git a/appstream2/latest/developerguide/application-access.md b/appstream2/latest/developerguide/application-access.md index e8e6b8ea4..8fa996c9f 100644 --- a//appstream2/latest/developerguide/application-access.md +++ b//appstream2/latest/developerguide/application-access.md @@ -3 +3 @@ -[Documentation](/index.html)[Amazon AppStream 2.0](/appstream2/index.html)[Administration Guide](what-is-appstream.html) +[Documentation](/index.html)[Amazon WorkSpaces Applications](/appstream2/index.html)[Administration Guide](what-is-appstream.html) @@ -7 +7 @@ -By default, AppStream 2.0 enables the applications that you specify in your image to launch other applications and executable files on the image builder and fleet instance. This ensures that applications with dependencies on other applications (for example, an application that launches the browser to navigate to a product website) function as expected. Make sure that you configure your administrative controls, security groups, and other security software to grant users the minimum permissions required to access resources and transfer data between their local computers and fleet instances. +By default, WorkSpaces Applications enables the applications that you specify in your image to launch other applications and executable files on the image builder and fleet instance. This ensures that applications with dependencies on other applications (for example, an application that launches the browser to navigate to a product website) function as expected. Make sure that you configure your administrative controls, security groups, and other security software to grant users the minimum permissions required to access resources and transfer data between their local computers and fleet instances. @@ -9 +9 @@ By default, AppStream 2.0 enables the applications that you specify in your imag -You can use application control software, such as [Microsoft AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview), and policies to control which applications and files your users can run. Application control software and policies help you control the executable files, scripts, Windows installer files, dynamic-link libraries, and application packages that your users can run on AppStream 2.0 image builders and fleet instances. +You can use application control software, such as [Microsoft AppLocker](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview), and policies to control which applications and files your users can run. Application control software and policies help you control the executable files, scripts, Windows installer files, dynamic-link libraries, and application packages that your users can run on WorkSpaces Applications image builders and fleet instances. @@ -13 +13 @@ You can use application control software, such as [Microsoft AppLocker](https:// -The AppStream 2.0 agent software relies on the Windows command prompt and Windows Powershell to provision streaming instances. If you choose to prevent users from launching the Windows command prompt or Windows Powershell, the policies must not apply to the Windows NT AUTHORITY\SYSTEM or users in the Administrators group. +The WorkSpaces Applications agent software relies on the Windows command prompt and Windows Powershell to provision streaming instances. If you choose to prevent users from launching the Windows command prompt or Windows Powershell, the policies must not apply to the Windows NT AUTHORITY\SYSTEM or users in the Administrators group. @@ -17,6 +17,6 @@ Rule type | Action | Windows user or group | Name/Path | Condition | Description -Executable | Allow | NT AUTHORITY\System | * | Path | Required for the AppStream 2.0 agent software -Executable | Allow | BUILTIN\Administrators | * | Path | Required for the AppStream 2.0 agent software -Executable | Allow | Everyone | %PROGRAMFILES%\nodejs\\* | Path | Required for the AppStream 2.0 agent software -Executable | Allow | Everyone | %PROGRAMFILES%\NICE\\* | Path | Required for the AppStream 2.0 agent software -Executable | Allow | Everyone | %PROGRAMFILES%\Amazon\\* | Path | Required for the AppStream 2.0 agent software -Executable | Allow | Everyone | %PROGRAMFILES%\<`default-browser`>\\* | Path | Required for the AppStream 2.0 agent software when persistent storage solutions, such as Google Drive or Microsoft OneDrive for Business, are used. This exception is not required when AppStream 2.0 home folders are used. +Executable | Allow | NT AUTHORITY\System | * | Path | Required for the WorkSpaces Applications agent software +Executable | Allow | BUILTIN\Administrators | * | Path | Required for the WorkSpaces Applications agent software +Executable | Allow | Everyone | %PROGRAMFILES%\nodejs\\* | Path | Required for the WorkSpaces Applications agent software +Executable | Allow | Everyone | %PROGRAMFILES%\NICE\\* | Path | Required for the WorkSpaces Applications agent software +Executable | Allow | Everyone | %PROGRAMFILES%\Amazon\\* | Path | Required for the WorkSpaces Applications agent software +Executable | Allow | Everyone | %PROGRAMFILES%\<`default-browser`>\\* | Path | Required for the WorkSpaces Applications agent software when persistent storage solutions, such as Google Drive or Microsoft OneDrive for Business, are used. This exception is not required when WorkSpaces Applications home folders are used.