Defining a group of all computers except these.
With help from this forum I've been able to identify and label a group of computers that are authorized to run a particular legacy application. How would I prevent the application from being executed on all of our KACE managed computers except for the authorized group? The "Disallowed Programs Policy" script makes it pretty easy to block execution from a defined set, but it wasn't readily apparent how to do the inverse, i.e., block execution from everything except a defined set. Thanks much!
0 Comments
[ + ] Show comments
Answers (3)
Please log in to answer
Posted by:
GillySpy
14 years ago
Posted by:
cblake
14 years ago
Posted by:
kawelea
14 years ago
Thanks all. Defining the inverse was not as hard as I thought it would be. Within the Scripting/Custom Inventory capabilities, I couldn't find any "Logical Not" functionality, but the capability does exist when defining a Smart Label. So I created a manual label (e.g., "AuthorizedMachines") associated with all the computers authorized to run the software, then created a Smart Label (e.g., "DenyExecute" defined by "Label Name" "does not contain" "Authorized Machines".
So now I can run the "Disallowed Programs Policy" script against the "DenyExecute" label to block them from running the app, and control who can run the app by adding/removing the machine from the "AuthorizedMachines" label.
Anything I should be concerned about with this approach?
So now I can run the "Disallowed Programs Policy" script against the "DenyExecute" label to block them from running the app, and control who can run the app by adding/removing the machine from the "AuthorizedMachines" label.
Anything I should be concerned about with this approach?
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
so that the conversation will remain readable.