I have a customer that has an F5 client utility that users must be able to
install, and their profile appdata/temp is a location where they have
permissions, unlike the program files folders. I warned them about malware
using this location as an ingress vector, but they did not want to work out
, 2017 10:22 AM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Running exe from APPDATA..TEMP directory
Vendors like to run from %appdata% because any user can put files there; no
need to get corporate IT (or permission) to install the app.
Bud Durland | Director of Information
., Plattsburgh, NY 12901
Website | Twitter | LinkedIn | YouTube
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of David McSpadden
Sent: Monday, April 10, 2017 10:25
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] Running exe from APPDATA..TEMP directory
Have
Absolutely not. That is extremely lazy programming. Many of us have
similar GPOs for antivirus purposes.
--
Espi
On Mon, Apr 10, 2017 at 7:25 AM, David McSpadden wrote:
> Have a vendor that want so run his app from the APPDATA..TEMP directory.
>
> I have a GPO that denied
Have a vendor that want so run his app from the APPDATA..TEMP directory.
I have a GPO that denied .exe from running there or subfolders of there.
Any reason I should allow this?
I have the exact folder and program name but it's opening up an exception to my
rule??
Any thoughts?
David McSpadden
5 matches
Mail list logo