Hello! is there any way to allow users in high flex to uninstall any applications using Windows Add/Remove Programs option. This should be default behavior and we will add apps in a deny list which they should not be able to remove. Certain apps have additional protections and users wont be able to remove those even if we don’t have them in EPM deny list
Page 1 / 1
Yes there is an option to add a uninstall rule that would allow you to uninstall any application.
I would recommend that you use a prompt for the rule, but if you do not want a prompt it can be added to the Application Group “Add Admin - High Flexibility”
This would allow any uninstall of applications without a prompt.
Typical this would not allow the uninstall of protected application like AV and EPM itself.
In order to setup this in your environment you can use JIT access feature from BeyondTrust, because that will allow you to know in real-time how many applications are there being uninstalled via passive behavior or admin behavior , as the most of the users will be uninstalling a application from the install directory itself.
So , from this you can have a data to work upon to allow which application to have which type of permissions when you allow the uninstallation from Add/Remove programs and which to add in the deny list being important application.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.