Applications; Portable vs. Installed

scottalanmiller

@stacksofplates said in Applications; Portable vs. Installed:

I would make one million percent sure this is a real government requirement, more just something some admin thinks is one.

I'm pretty confident that it is made up. Made up to the point of not being really plausible, hence made up by someone that didn't know enough to know what was even plausible as a requirement.

stacksofplates

@scottalanmiller said in Applications; Portable vs. Installed:

@stacksofplates said in Applications; Portable vs. Installed:

I would make one million percent sure this is a real government requirement, more just something some admin thinks is one.

I'm pretty confident that it is made up. Made up to the point of not being really plausible, hence made up by someone that didn't know enough to know what was even plausible as a requirement.

Yeah I mean you can do it but you will pay for it for the rest of the time you work there. Especially if config management is "not approved".

stacksofplates

Can you imagine adding/changing sha256 sums Everytime someone gets a new application or needs to run a script. And doing it by hand every single time. That would be your job day in and day out.

scottalanmiller

@stacksofplates said in Applications; Portable vs. Installed:

Can you imagine adding/changing sha256 sums Everytime someone gets a new application or needs to run a script. And doing it by hand every single time. That would be your job day in and day out.

And needing to do it for every new patch to every application. Eek.

stacksofplates

@scottalanmiller said in Applications; Portable vs. Installed:

@stacksofplates said in Applications; Portable vs. Installed:

Can you imagine adding/changing sha256 sums Everytime someone gets a new application or needs to run a script. And doing it by hand every single time. That would be your job day in and day out.

And needing to do it for every new patch to every application. Eek.

Yup anytime there's an update to anything you would have to fix it.

scottalanmiller

@stacksofplates said in Applications; Portable vs. Installed:

@scottalanmiller said in Applications; Portable vs. Installed:

@stacksofplates said in Applications; Portable vs. Installed:

Can you imagine adding/changing sha256 sums Everytime someone gets a new application or needs to run a script. And doing it by hand every single time. That would be your job day in and day out.

And needing to do it for every new patch to every application. Eek.

Yup anytime there's an update to anything you would have to fix it.

Yeah, including system updates, chocolatey updates, manual updates, apps like Chrome that update themselves. And anything on a "per user" basis might update at different times.

coliver

@stacksofplates said in Applications; Portable vs. Installed:

Can you imagine adding/changing sha256 sums Everytime someone gets a new application or needs to run a script. And doing it by hand every single time. That would be your job day in and day out.

It's probably not possible if change management isn't available. But you can do this with SCCM.

black3dynamite

@jmoore said in Applications; Portable vs. Installed:

One thing I found about portable apps is occasionally a smarter user will install these. Yeah, it gets around our permissions in Ad because they do not modify the registry. so I do not like them for that reason. I can't have users installing whatever they want.

Back in the days at my old job, we used Sophos to control those type of apps.

scottalanmiller

@black3dynamite said in Applications; Portable vs. Installed:

@jmoore said in Applications; Portable vs. Installed:

One thing I found about portable apps is occasionally a smarter user will install these. Yeah, it gets around our permissions in Ad because they do not modify the registry. so I do not like them for that reason. I can't have users installing whatever they want.

Back in the days at my old job, we used Sophos to control those type of apps.

Sophos does so much hardware these days, I begin to forget that they used to be a desktop agent.

black3dynamite

@jmoore said in Applications; Portable vs. Installed:

@stacksofplates said in Applications; Portable vs. Installed:

@jmoore said in Applications; Portable vs. Installed:

@scottalanmiller said in Applications; Portable vs. Installed:

@jmoore said in Applications; Portable vs. Installed:

@scottalanmiller said in Applications; Portable vs. Installed:

A big question would be... why do you want to restrict binaries from users?

Thats the sysadmin decision. He considers it a security measure and I can understand it somewhat.

Does he? Because he's not restricting them in any way, and totally okay with all the portable apps delivered in the web browser, right? So he's totally okay with them. Just confused, I'd guess.

Well, I can't presume to know his mind but hes just trying to limit the damage that can be done i suppose. I am guessing that is what he is thinking.

Is this from a government requirement? The only way to do this is checksum all of your executables. Unless you are required to do this, you're insane.

Yes we are a 2 year college and this is what I am told.

That's a lot to deal with for a 2 year college. I can understand the annoyances of accreditation and also following like FERPA requirements.