Forum Discussion

jlorraine's avatar
jlorraine
Copper Contributor
Dec 26, 2020

Profile based apps installing for non admins

Our managed environment restricts the ability to install any apps (non-admins) though lately some collaboration apps (Teams, Zoom, etc) install directly to the user profile, circumventing the rights requirement.  This creates risk via unapproved downloads over small circuits, ensuring updates can be performed in a managed way, and managed uninstall methods.  We need a solution to restrict this type of download / install without creating additional restrictions via App Locker, general exe execution restrictions or zone download restrictions.  File exe names change upon each download or we could call them by name via policy.

 

Specific to this larger issue, we will option to deploy 365 without Teams... so when a user needs to connect to a Teams meeting they would use the browser only.  They are prompted to install the client upon connection, and we would like to prevent this without creating any additional content related problems when retrieving data from MS.... or anywhere else.

 

Browser = EDGE Chromium

  • Hi,
    if your environment doesn't allow installing apps/programs to non-admins, no app/program should be able to install, but PWA app (progressive web apps) can be installed regardless.
    it can be controlled of course using Edge group policies.
    Teams online doesn't need a client to be installed first. Teams online can be run standalone only through the browser.
    • jlorraine's avatar
      jlorraine
      Copper Contributor

      I'll clarify.  Only admins should be able to install apps, though standard users can choose to install apps such as Teams when prompted while connecting to a Teams meeting.  We would like to restrict the user-initiated install and force the session to run in the browser.

       

      You mention EDGE policies, have you seen this scenario corrected by any specific GPO settings?  I'm not finding them..

       

      HotCakeX 

Resources