Prevent Software Installation

Status
Not open for further replies.

JoshuaThompson

Technical User
Aug 7, 2008
50
US
We are deploying Windows 7 (x64) and have recently noticed that some applications (Firefox, Chrome browser) can be installed without admin credentials. The user receives the UAC prompt (which is set at the highest level), but they can just click "No" on the UAC prompt when asked to enter credentials, and the software installation continues with no more questions asked.

If the user attempts to install to Program Files, Program Files (x86) or the root of C:, then the installation fails, but the user can install to ProgramData or their user profile directory with no questions asked.

I know AppLocker can prevent software from running, but how can I prevent software from installing?

This sounds like a major flaw.


 
AppLocker, I thought, would prevent Windows Installers and third-party Setup.exe from running?

"What types of files can I manage with AppLocker?

AppLocker can be used to manage four different types of files: executable (.exe), Windows Installer (.msi and .msp), script (.bat, .cmd, .js, .ps1, and .vbs), and DLL (.dll and .ocx). Each of these file types is managed in its own rule collection."

AppLocker: Frequently Asked Questions


See what others are doing in the Server Forums.
 
Thank you for the reply. That is good information.

Unfortunately, after some research it appears as though AppLocker will only work in the Enterprise and Ultimate editions. We currently run Windows 7 Professional.

"Windows 7 Professional can be used to create AppLocker rules. However, AppLocker rules cannot be enforced on computers running Windows 7 Professional"

I ran a quick test of a Firefox install on XP and it installed as well with no admin rights. So it looks like this is not new to Windows.

This sounds like a pretty big flaw in security.
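
The thread reports that installs succeed under ProgramData and the user profile, and that AppLocker rules cannot be enforced on Windows 7 Professional. As an added example (not part of the original posts), the PowerShell script below inventories executables and installer packages in those user-writable locations, with file owner and signature status, so per-user installs can be detected. The report path and the assumption that user profiles sit beside `%PUBLIC%` are illustrative.

```powershell
# Added example, not from the thread: inventory .exe/.msi files in the
# user-writable locations the thread names (ProgramData and user profiles).
# Run from an elevated prompt so every profile is readable.
# $ReportPath is an assumed output location.
param(
    [string]$ReportPath = "$env:TEMP\user-writable-exe-report.csv"
)

# Per the thread, AppLocker is only enforced on Enterprise and Ultimate,
# so record which edition this machine runs.
$os = Get-WmiObject -Class Win32_OperatingSystem
$enforceable = $os.Caption -match 'Enterprise|Ultimate'
Write-Output ("{0}: AppLocker enforceable = {1}" -f $os.Caption.Trim(), $enforceable)

# Assumption: profiles live in the parent of %PUBLIC% (normally C:\Users).
$usersRoot = Split-Path -Path $env:PUBLIC -Parent
$roots = @($env:ProgramData, $usersRoot)

$findings = foreach ($root in $roots) {
    # Protected junctions inside profiles raise access errors; skip them quietly.
    Get-ChildItem -Path $root -Recurse -Force -Include *.exe, *.msi -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            $acl = Get-Acl -Path $_.FullName -ErrorAction SilentlyContinue
            $signer = ''
            if ($sig -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $status = 'Unknown'
            if ($sig) { $status = $sig.Status.ToString() }
            $owner = ''
            if ($acl) { $owner = $acl.Owner }

            New-Object PSObject -Property @{
                Path      = $_.FullName
                Owner     = $owner        # account that wrote the file
                Created   = $_.CreationTime
                SigStatus = $status       # Valid, NotSigned, HashMismatch, ...
                Signer    = $signer
            }
        }
}

$findings |
    Sort-Object Path |
    Select-Object Path, Owner, Created, SigStatus, Signer |
    Export-Csv -Path $ReportPath -NoTypeInformation

Write-Output ("{0} files written to {1}" -f @($findings).Count, $ReportPath)
```

Comparing reports taken on different dates shows which accounts have added software outside Program Files since the last run.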
 