Hello! is there any way to allow users in high flex to uninstall any applications using Windows Add/Remove Programs option. This should be default behavior and we will add apps in a deny list which they should not be able to remove. Certain apps have additional protections and users wont be able to remove those even if we don’t have them in EPM deny list
Solved
EPM-W : Allow uninstall of apps from add/remove programs
Best answer by Jens Hansen
Yes there is an option to add a uninstall rule that would allow you to uninstall any application.
I would recommend that you use a prompt for the rule, but if you do not want a prompt it can be added to the Application Group “Add Admin - High Flexibility”
This would allow any uninstall of applications without a prompt.
Typical this would not allow the uninstall of protected application like AV and EPM itself.
Yes there is an option to add a uninstall rule that would allow you to uninstall any application.
I would recommend that you use a prompt for the rule, but if you do not want a prompt it can be added to the Application Group “Add Admin - High Flexibility”
This would allow any uninstall of applications without a prompt.
Typical this would not allow the uninstall of protected application like AV and EPM itself.
In order to setup this in your environment you can use JIT access feature from BeyondTrust, because that will allow you to know in real-time how many applications are there being uninstalled via passive behavior or admin behavior , as the most of the users will be uninstalling a application from the install directory itself.
So , from this you can have a data to work upon to allow which application to have which type of permissions when you allow the uninstallation from Add/Remove programs and which to add in the deny list being important application.
I don’t understand how this works. Wouldn’t this policy also allow the installation of pretty much anything? Or is the name important and has something hardcoded in the backend to know that this is meant for uninstalls only?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.