/build/static/layout/Breadcrumb_cap_w.png

Getting the Kace Agent to deny Program Installations

Is there a way to get the Kace Agent to Deny Program Installations unless given permission by an administrator?

We want to allow program setups to be downloaded but denied when attempting to install it w/o IT permission.

I already checked under "Security Policy" under "Scripting" but it will only deny a specific program from being run.


0 Comments   [ + ] Show comments

Answers (3)

Answer Summary:
Posted by: jknox 11 years ago
Red Belt
3

The K1000/agent do not have that functionality.  You can probably do it through a GPO assuming you are talking about Windows: http://technet.microsoft.com/en-us/library/cc786941%28v=ws.10%29.aspx


Comments:
  • Thanks! have been working with KACE for almost a year now and STILL trying to learn all its functionalities!

    Nice hearing from a Dell Kace Representative so fast - SW.WPI 11 years ago
    • In that case, these videos should be helpful: http://www.kace.com/support/resources/kb/article/kace-kontinuing-education-k1000-and-k2000-recordings

      If you would like to see that functionality added to the K1000, you can submit it as a feature request here: http://kace.uservoice.com/forums/82699-k1000 - jknox 11 years ago
Posted by: SMal.tmcc 11 years ago
Red Belt
2

zip the installs with a password, you can then do something like run a unzip script using k1000 script or pstools - psexec to that machine when they contact you.


Comments:
  • We'd like to eventually move towards that direction when running program installations.

    As for now, we're looking for a preventative maintenance solution to stop coworkers from installing freeware on company PC's where we can run into all sorts of complications such as Licensing and Malware - SW.WPI 11 years ago
  • but thanks for the input... really appreciate it! - SW.WPI 11 years ago
  • I have a custom software inventory that monitors for software running in the users appdata area, this helps looking for malware and freeware. they are "users" on the machines so it is one of the few spots they can write to.

    Running Processes from appdata: Custom rule
    ShellCommandTextReturn(c:\windows\system32\wbem\WMIC.exe PROCESS where (commandline like "%%AppDat%%") get commandline)

    I have thinking of expanding it to cover the profile since i watched one user run an app from the desktop and another from documents. - SMal.tmcc 11 years ago
    • The other thing one of the techs is doing when possible, when he sees a unlicensed program, he creates a smartlabel for this software and ties it to an uninstall MI. - SMal.tmcc 11 years ago
Posted by: GeekSoldier 11 years ago
Red Belt
2

As mentioned before, Group Policy will probably be your best friend. If your end users are still local admins, remove them from the administrators group. Turn your UAC on and that will force them to enter admin credentials to make any changes including software installs. In Windows 7 you can get pretty granular about what UAC will prompt for. You can also get very granular with Group Policy as well. If these don't work for you there's a couple of programs you should look at.

Bit 9

https://www.bit9.com/

Faronics

http://www.faronics.com/products/anti-executable/

Both of these are anti-executables that you have to whitelist the applications that you want to be able to run. Faronics also has a deep-freeze program that prevents changes from being permanent on a machine unless the admin places it into a "thawed" state. I hope this helps.

 

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ