Blocking application (software) for windows users

pennywise
Just browsing

Blocking application (software) for windows users

Hi,

 

I need to block some software's that not to be installed in windows user machine. Please can any one tell me, which security policy and alerts should configure for this.

8 Replies 8
nwu1
Here to help

Hi Pennywise,

 

If you have an MX appliance, you could create Group Policies and apply them, but they don't allow much granularity.

https://documentation.meraki.com/MR/Group_Policies_and_Blacklisting/Creating_and_Applying_Group_Poli...

 

But I believe what you're really looking for are Windows GPO:

https://www.techrepublic.com/article/how-to-manage-your-organizations-microsoft-store-group-policy/

 

Cheers,

nwu1

MacuserJim
A model citizen

From what you are asking there are several ways to go about this, below are some options you can try pursuing. If you can give us some more details on what you are trying to block we can help you a little more, but these can at least get you going. 

 

Do you have any specific domain names or IP addresses that the software comes from? You can create Layer 3 or Layer 7 firewall rules to block communication to/from those domain names and/or IPs. 

 

Another option would be to use the "URL category lookup tool" found under "Security appliance > Content filtering > Category filtering". That will tell you what type of category that will fall under and you can add it to the content filtering. That would also block other domains, but depending on the scope you may want that.

 

Both of those options can be done to the entire network, which might be a good idea for you. However if you want to get more client specific you can use Group Policies to create specific firewall, content filtering, etc rules and apply those to select clients on your network.

pennywise
Just browsing

Hi,

 

I am trying to block users who should not install software like Team Viewer in their Windows 10 laptop Machines.

 

 

 

PhilipDAth
Kind of a big deal
Kind of a big deal

The best solution is not to give the users Administrator privileges - then they can't install any software - only there Administrator can.

 

The next option is to block the domain names of where the software can be downloaded from.

https://documentation.meraki.com/MX/Firewall_and_Traffic_Shaping/Firewall_Settings#FQDN_Support

pennywise
Just browsing

Hi,

 

The users have Admin privileges we cant change the permissions for them, but we need to block the users that not to install any software, if they install we need to get alert via mail.

 

 

( The windows users has admin rights and we are trying to identify the users using system manager to block such users who attempt to install some unnecessary software like Team Viewer, Anydesk etc)

pennywise
Just browsing

Hi,

I am trying to block using System Manager, Please help on this, there is not option of firewall in System Manager portal.
MacuserJim
A model citizen

If you are trying to use Systems Manager to prevent app installation on Windows I think you are out of luck, for the time being at least. Systems Manager is pretty limited when it comes to Windows, Windows 10 in particular does open up a lot more potential to manage it from an EMM solution, but that is something Meraki is still working on. Hopefully that is something you will be able to do in the future.

 

I would recommend using the "Make a wish" button in the dashboard and ask about getting some Windows management features added to Systems Manager. I think there are a bunch of us that would like to see to more Windows management capability sooner rather than later.

nealgs
Building a reputation

Have to agree with  PhilipDAth on this one - remove Admin or local admin rights to the PC for users.

 

We're just going through a windows 10 migration and only IT staff now have Admin rights - any software installs come through IT helpdesk.  Yep it does increase support calls etc, but does mean less chance of dodgy software causing mayhem on the network etc due to virusesssssss etc.

 

We did block shareware related sites, but had to open up sourceforge.net in order to download some software for IT to use -  lol.

 

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels