Skip to main content

We have a network folder location that contains some applications used by a mixture of non-privileged users . Some of these install source files have .MSI while some have .EXE. When my users run it, they get filtered into the catch all app group instead of the app definition I created. I just used \\networkshare\folder1\* with no publishers, drive is network and App requires elevation (UAC). I know this is not very secure but that is the only way I know that would allow my users to run the install themselves without asking help from our deskside support. 

This application group by the way sits above the priority list before the catch all and is also using rule filter for those specific users only.

 

My problem is that it does not get triggered from that definition. Has somebody got any similar definition in place that I can follow that works?

It is difficult to say without actually seeing your policy design.

But if your statement is true about the placement just above the catch all “(Default) Any Application”, and you used \\networkshare\folder1\* with no publishers, drive is network and App requires elevation (UAC) Then “(Default) Any UAC” and “(Default) Any signed UAC” will get higher priority and you would never hit your network shares.

You would have to place your rule above those “catch all” UAC once.
Anywhere above the green arrow.
 

You could leave these shares as Read Only, granting you some sort of control or approval workflow for what goes onto those shares.

Reply


Badge Earners

  • BCIE: Privileged Remote Access
    Bruceyhas earned the badge BCIE: Privileged Remote Access
  • BCIE: Remote Support
    Bruceyhas earned the badge BCIE: Remote Support
  • BCA: Privileged Remote Access
    linehas earned the badge BCA: Privileged Remote Access
  • BCA: Password Safe
    linehas earned the badge BCA: Password Safe
  • BCA: Password Safe
    MedBouhas earned the badge BCA: Password Safe
Show all badges
Terms & ConditionsCookie settings