So great, I can still deploy the business level software without poking holes in security. During this time OneDrive for Business is a separate application deployed with the Office Suite. So with a GPO I disable OneDrive and kill the regedit responsible for triggering the setup. Couldn't believe they would do this, but figure "ok, it's the personal OneDrive app so whatever". With it's "built in" OneDrive functionality it would attempt to run a startup process that would kick off OneDrive setup in AppData. A user needs something installed, no circumventing the policies put in place, you have to get an admin or have the right to elevate.
This is something that is becoming more common due to ransomware and other malicious software. This prevents executables from trying to run from various places, most notably the AppData folder. So, in my network I implement SRP whitelisting.
0 kommentar(er)
