Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 1 reply
  • Subscribers 9 subscribers
  • Views 2503 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block Applications / Run as system user

Sven Gölles

Hi all,

following situation: We blocked powershell with application control on all clients (user based policy).

Now our new software deployment tool uses powershell for tasks after the software installation (run as local system account). Now if a normal users is logged-in the powershell is blocked. Sophos support told me that its depending who is logged in the system and it doesn't matter in which user context is  running the powershell task in the background.

I can´t belive that the only solution is to allow powershell for everybody. Does anyone have the same situation ?

 

Thanks

 



This thread was automatically locked due to age.
Parents

  • If I block the CD drive for a user on a user based policy, and then have it allowed for myself, if the user logs in it's blocked and if I log in it will allow me to use the CD drive without issue.

    If you're running an automated task, I have not personally experimented with blocking PowerShell as we use it, so I am not sure how it behaves when it's automated.

    Maybe peripherals behave differently than applications when it comes to user based policies?

     

     

    Alternate way would be to allow PowerShell, but restrict the ability to run scripts by having the execution policy set to restricted (default value)

    If your users are local admins then this means nothing, they could override this themselves.

     

Reply

  • If I block the CD drive for a user on a user based policy, and then have it allowed for myself, if the user logs in it's blocked and if I log in it will allow me to use the CD drive without issue.

    If you're running an automated task, I have not personally experimented with blocking PowerShell as we use it, so I am not sure how it behaves when it's automated.

    Maybe peripherals behave differently than applications when it comes to user based policies?

     

     

    Alternate way would be to allow PowerShell, but restrict the ability to run scripts by having the execution policy set to restricted (default value)

    If your users are local admins then this means nothing, they could override this themselves.

     

Children
No Data
Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML