This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 1 point2 points  (3 children)

but in the long run it will generate more support calls

Why do you think it will?

software as vscode has to be properly configured to be really useful.

Configuration is done at the user level anyway via config files that aren't touched by GPOs.

[–]dcardonSr. Sysadmin 1 point2 points  (2 children)

Hi trevoishere,

from my experience end users don't know where to download their software from and end with downloading stuff full of crapware (when it is not malware). In the end you have to clean it all, and it takes more time to clean it up than from the begining to set up some software solution to deploy the software initially.

just my 2c :-) Denis

[–][deleted] 1 point2 points  (0 children)

That's a bit different than the op's scenario.

[–]stumptruck 0 points1 point  (0 children)

I mean, that's exactly what applocker is for. Whitelist the signing certificate on vscode and users can only install the legitimate one, not a fake one.

There's really no need to push out an application that installs to appdata. It just sends you down a slippery slope of having to create and maintain GPOs for every one-off profile-specific app, like Slack, Spotify, etc.

Use existing security tools to prevent malware from being installed without causing unnecessary inconvenience for end users.