<div>
It looks as if you did not want to further comment on the suggestions I gave you on your previous question. Those are suitable: <a href="https://www.experts-exchange.com/questions/29148048/monitoring-unauthorised-software-installs.html?anchorAnswerId=42877804#a42877804" rel="ugc">https://www.experts-exchange.com/questions/29148048/monitoring-unauthorised-software-installs.html?anchorAnswerId=42877804#a42877804</a>
</div>


It looks as if you did not want to further comment on the suggestions I gave you on your previous question. Those are suitable: https://www.experts-exchange.com/questions/29148048/monitoring-unauthorised-software-installs.html?anchorAnswerId=42877804#a42877804 [https://www.experts-exchange.com/questions/29148048/monitoring-unauthorised-software-installs.html?anchorAnswerId=42877804#a42877804]

Team Manager - IT

Ashvin Ashok

Pau Lo

<div>
Looking at the link that McKnife provided, the following people provided more solid suggestions than what you selected as the solutions:<br />

<ul>
<li>slightwv</li>
<li>btan</li>
<li>McKnife</li>
</ul>
<br />
The recommendations I would've had (which would've included GPO and IAM) essentially fall under suggestions of one of those 3 experts. BeyondTrust offers an <a href="https://www.beyondtrust.com/endpoint-privilege-management" rel="ugc">endpoint privilege management product</a> that you could look into as well.
</div>


Looking at the link that McKnife provided, the following people provided more solid suggestions than what you selected as the solutions:

 * slightwv
 * btan
 * McKnife


The recommendations I would've had (which would've included GPO and IAM) essentially fall under suggestions of one of those 3 experts. BeyondTrust offers an endpoint privilege management product [https://www.beyondtrust.com/endpoint-privilege-management] that you could look into as well.

<div>
I was just thinking of additional good practices such as web restrictions on what type of extensions they can download etc, for an added layer. But presumably the restriction policies also cover those even if some form of installer was downloaded.
</div>


I was just thinking of additional good practices such as web restrictions on what type of extensions they can download etc, for an added layer. But presumably the restriction policies also cover those even if some form of installer was downloaded.

<div>
Have you seen software restriction policies/applocker in action? Please take a test system and try them.
</div>


Have you seen software restriction policies/applocker in action? Please take a test system and try them.

<div>
<div class="content wysiwyg-content">
Aside from ensuing users do not have local admin permissions over their windows machines, what other controls/techniques can be used to ensure, as much as possible, that unauthorised software does not end up on company devices (windows 7/10 laptops &amp;&nbsp;desktops). I know what is one way of preventing things, but I want to ensure we have considered all possibilities.
</div>
</div>


Aside from ensuing users do not have local admin permissions over their windows machines, what other controls/techniques can be used to ensure, as much as possible, that unauthorised software does not end up on company devices (windows 7/10 laptops & desktops). I know what is one way of preventing things, but I want to ensure we have considered all possibilities.

prevention of unauthorised software.

Software is any set of instructions that directs a computer to perform specific tasks or operations. Computer software consists of programs, libraries and related non-executable data (such as documentation). Computer software is non-tangible, contrasted with computer hardware, which is the physical component of computers. Software written in a machine language is known as "machine code". However, in practice, software is usually written in high-level programming languages than machine language. High-level languages are translated into machine language using a compiler or interpreter or a combination of the two.

Software

Windows 10 is a personal computer operating system featuring the "universal application architecture" (UAP); apps can be designed to run across multiple devices with nearly identical code, including PCs, tablets, smartphones, embedded systems, Xbox One, Surface Hub and HoloLens. Windows 10 also includes a virtual desktop system, a window and desktop management feature called Task View, the Microsoft Edge web browser, support for fingerprint and face recognition login, voice-based search (Cortana), new security features for enterprise environments, and DirectX 12 and WDDM 2.0 to improve the operating system's graphics capabilities for games.

Windows 10

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

Windows OS

The Windows operating systems have distinct methodologies for designing and implementing networks, and have specific systems to accomplish various networking processes, such as Exchange for email, Sharepoint for shared files and programs, and IIS for delivery of web pages. Microsoft also produces server technologies for networked database use, security and virtualization.

Windows Networking

Windows 7 is an operating system from Microsoft. Features include multi-touch support, a redesigned Windows Shell with a new taskbar, referred to as the Superbar, a home networking system called HomeGroup, and performance improvements.