Pau Lo
asked on
prevention of unauthorised software.
Aside from ensuing users do not have local admin permissions over their windows machines, what other controls/techniques can be used to ensure, as much as possible, that unauthorised software does not end up on company devices (windows 7/10 laptops & desktops). I know what is one way of preventing things, but I want to ensure we have considered all possibilities.
It looks as if you did not want to further comment on the suggestions I gave you on your previous question. Those are suitable: https://www.experts-exchange.com/questions/29148048/monitoring-unauthorised-software-installs.html?anchorAnswerId=42877804#a42877804
Looking at the link that McKnife provided, the following people provided more solid suggestions than what you selected as the solutions:
The recommendations I would've had (which would've included GPO and IAM) essentially fall under suggestions of one of those 3 experts. BeyondTrust offers an endpoint privilege management product that you could look into as well.
- slightwv
- btan
- McKnife
The recommendations I would've had (which would've included GPO and IAM) essentially fall under suggestions of one of those 3 experts. BeyondTrust offers an endpoint privilege management product that you could look into as well.
ASKER
I was just thinking of additional good practices such as web restrictions on what type of extensions they can download etc, for an added layer. But presumably the restriction policies also cover those even if some form of installer was downloaded.
Have you seen software restriction policies/applocker in action? Please take a test system and try them.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.