Browsed by
Category: Adminless

Applocker on the Company portal Express

Applocker on the Company portal Express

This short blog will be about why baselines are very important and why you need to keep them up to date. I am not talking about security baselines this time. What I will be talking about, is the app baseline you need to deploy to your users Windows 10 devices to make sure users can install apps on their own. It’s best practice to implement adminless. *Source: Microsoft Vulnerabilities Report 2021 | BeyondTrust (great report!!) Of course, nowadays users are…

Read More Read More

Public Desktop icons and Adminless: The far side of Intune

Public Desktop icons and Adminless: The far side of Intune

This short blog will be about, why users don’t need admin permissions to delete the public desktop icons. I will divide this blog into multiple parts Introduction The Issue Solving the Permission issue 1. Introduction There are not a lot of reasons why your Azure Ad users need to be local admins on their devices. You can do a lot even without admin permissions. To summon a few: –Restarting services can be done without local admin permissions The non admin user:…

Read More Read More

The non-admin user: The Battle of Restarting Services

The non-admin user: The Battle of Restarting Services

This blog will show you, how you could give regular users permission to restart some services… Why? because sometimes a user needs to restart a specific service and they really don’t have the time to reboot the device itself. I will divide this blog into multiple parts: Introduction The Idea The Script The results 1.Introduction Some time ago, Oliver Kieselbach discovered a very great new method to start the IME sync process with just a simple command: “intunemanagementextension://syncapp”.  To make…

Read More Read More

Company Portal App: Unchained

Company Portal App: Unchained

In this blog, I will give you my opinion on how I prefer apps to be deployed. When deploying a zero-trust modern workplace you need to make sure your users are not members of the local admin group. Take a look at my blogs if you want to make sure a user is never a local admin. When your users are no local admin anymore, you can implement an AppLocker policy to make sure your devices are secure. But here…

Read More Read More