![]() Video 1: Prevent users from installing / running anything that wasn't To block these you need some kind of whitelisting. So that's at least three ways users can install stuff. The Windows STORE enables you to install stuff two. Use Portable apps to RUN with no admin rights. Most of these way's in are also not detectable by AV or malware scanners as they are neither, it's only after the fact they are issues and at that point it's typically too late.ġ. Why else would AppLocker and SRPs need to be put in place in businesses, many companies don't give users admin rights to help reduce the risk, but this in itself does not negate them clicking a 'PDF' link to a fake Office 365 update that executes a piece of code to exploit a vulnerability in something like OLE objects, Flash or Java, to name just a handful of applications. I'm going to disagree here, many browser exploits or malicious email links do not need admin rights to run, they use exploits and scripts to execute bypass techniques in already vulnerable systems - and given most home users don't patch because they dont know how, Microsoft force it for 'Home' editions of Windows, since this person has 'pro' then the management of patches is on them. ![]() So in an essence we need the machine to be fort knox, we would want to block remote access sites like log me in rescue or similar getting into the machine as well.Īny advice would be appreciated, its a shame he has to go to these lengths to protect his father but I guess old age catches up to us all.Īlso most malicious software that takes control of your PC needs admin access to be successful not just ran in a users security context. Does anyone know how effective applocker is? is it able to be defeated? He is father wouldnt actively try to breach it but he is extremely gullible to answering phone calls and doing what he is told for instance when tricked on the phone by someone pushing a "deal of a lifetime", hence got stung for a lot of money recently. One option I thought about was App Locker which only runs on Enterprise or Education as far as I know, I guess he could purchase a copy of that. So essentially I am looking for advice here for how someone running Win 10 Pro could really lock the hell out of a machine and just let a select few apps be run and no further apps installed. ![]() As I understand it, even when a policy has been put in place to block an install, a user can still install software if it only applies to their profile and not all users. I mentioned he could implement a local group policy to restrict his father from installing any extra software but from my own experience, this isn't fool proof. My friend has a father who was stung by scammers so he is now looking to lock down his fathers Win 10 pro laptop to stop him installing software other than what he has already installed and preventing popups and the like when he is browsing. This question is more of a general one as it doesn't actually refer to my work environment but rather a friend asked me for advice.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |