cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to block installation of Dropbox / Google Drive etc.

Harry Dubois
Brass Contributor

‎Oct 05 2018 03:13 AM

‎Oct 05 2018 03:13 AM

How to block installation of Dropbox / Google Drive etc.

Is there a possibility to block the installation from apps like Dropbox? A regular user can now (although not admin) install the Dropbox application.

11.7K Views
0 Likes
4 Replies
Reply
4 Replies
Oliver Kieselbach

‎Oct 07 2018 12:40 PM

‎Oct 07 2018 12:40 PM

Re: How to block installation of Dropbox / Google Drive etc.

Hi Harry,

 

I assume you are talking about Windows 10 managed by MDM enrolled with Autopilot as Standard User. Dropbox is available as user mode install and therefor can be installed by a standard user. To control execution and install behavior of a Windows 10 device you could leverage AppLocker, which can be configured with MDM also. There you could go for a whitelist or blacklist approach.

 

see here: https://docs.microsoft.com/en-us/windows/client-management/mdm/applocker-csp

 

best,

Oliver

0 Likes
Reply
Harry Dubois

‎Oct 08 2018 04:11 AM

‎Oct 08 2018 04:11 AM

Re: How to block installation of Dropbox / Google Drive etc.

Hi Oliver, the solution is to give the standard user only rights to install apps from the Windows Store by the restriction policy in Intune.
1 Like
Reply
Oliver Kieselbach

‎Oct 08 2018 04:23 AM

‎Oct 08 2018 04:23 AM

Re: How to block installation of Dropbox / Google Drive etc.

Is this a statement, answer or question :-), I'm not sure if I understand your sentence correct.

 

I will answer to clarify my statement a bit anyway :)

AppLocker can control store apps, executables etc. you can build a rule set to allow some executables or block some executables and this is even possible for store apps. 

If you like to prevent all executables you could go for S-Mode to only allow store apps which is a great level of security in the end.

If you like to allow the user to install only store apps but you like to deploy executables by a management solution like Intune or ConfigMgr you should go for AppLocker and build a rule set to block everything except the deployed apps from your management software (and of course the system apps). This approach needs quite a bit of work and operational effort as every new app must be whitelisted. 

You can find an Intune AppLocker rule set example with focus on security published in the Windows 10 managed with Intune guide from the UK National Cyber Security Centre here: 

https://www.ncsc.gov.uk/guidance/eud-guidance-windows-10-1803-mobile-device-management

 

best,

Oliver

0 Likes
Reply
Harry Dubois

‎Oct 08 2018 11:35 AM

‎Oct 08 2018 11:35 AM

Re: How to block installation of Dropbox / Google Drive etc.

Thanx Oliver for your answer in details. I found the solution for installing only Store apps for the user. Thats secure enough for us. 

0 Likes
Reply