Forum Discussion
Is it possible to disable search location in file explorer voa intune
Hi all, Is it possible to disable the file search bar which allows users to search for locations ie Appdata via intune?
https://www.mobile-mentor.com/insights/how-to-whitelist-and-force-edge-browser-extensions-in-intune/
If you use this, the extensions are managed or are you already doing that?
If you use this, the extensions are managed or are you already doing that?
Yes so we are using this however we have filtering set via our firewall which is why we block users adding extensions and only allowing the firewall extension (add a few others) which cant be removed but if the user goes to C:\Users\*\AppData\Local\Microsoft\Edge\User Data\Default\Extensions and deleted the extension then for a short period of time untill the reopen the browser they are able to bypass the firewall. I spoke to the firewall company and they said we need to set read only permissions on that location which I am unsure on how to do
- You could use Set-Acl or icacls.exe to set that? (plenty of how to docs for that)
- Could you please help I have been trying to sort this all day I did try this which didnt work:
$AppDataPath = "$env:USERPROFILE\AppData\Local"
# Set permissions to read-only for standard users
$acl = Get-Acl $AppDataPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Users", "Read", "Allow")
$acl.SetAccessRule($rule)
Set-Acl $AppDataPath $acl
But no change I was able to lock it down so its not accessible at all however this breaks the extensionsABill1 Does this work? This will set the access to read for the extensions folder and inherit permissions from above and apply it to all files and folders in the Extensions
# Specify appdata path $AppDataPath = "$env:USERPROFILE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" # Get the ACL for an existing folder $existingAcl = Get-Acl -Path $AppDataPath # Set the permissions that you want to apply to the folder $permissions = 'Users', 'Read', 'ContainerInherit,ObjectInherit', 'None', 'Allow' # Create a new FileSystemAccessRule object $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permissions # Modify the existing ACL to include the new rule $existingAcl.SetAccessRule($rule) # Apply the modified access rule to the folder $existingAcl | Set-Acl -Path $AppDataPathfolder