Forum Discussion
Block All Software Installs
Hi All
Is there a way to block all software installs on Windows devices except for those we push out via Intune?
I have have a look in the Device Config settings but there seems to be some confusing settings in there and some stating set as "Disabled" when disabled isn't an option.
Info appreciated.
5 Replies
Third party tools like Airlock will be able to assist, but bit complex to setup and manage.
Hi StuartK73,
You can use EPM if u want yours users to install specific application with admin privilege.
Don’t mean to digress, but what kind of software installs are we talking about here? If it’s the kind that needs elevation then do your users have admin rights? If so, then I would probably start with that.
Hi Buddy
No, our users do not have admin rights, and while this is a security feature, it is not full proof ie some apps etc can install without elevation and I'd like to prevent that from happening.
SK
I see. Then your best bet is using app control policy where you define a whitelist of apps.
