▲ 3 r/sysadmin
Just curious what strategies you are using to control apps installed in the user context these days? There's a variety options at different layers:
- Using AV to prevent downloading executables - requires SSL decryption which is more overhead than I'd prefer.
- Browser policies? - The new Edge admin center may have an option for this, but I'm going to need to test it out a bit.
- Edge: Umbrella and on-prem firewalls - Requires SSL decryption
- Applocker/AppControl: Good option, but requires quite a bit of overhead.
I guess I'm looking to see if anyone has found a low calorie way to prevent these installs. User communication just isn't doing the trick.
u/ChickenOnBiscuts — 12 days ago