From what I understand, you need to explicitly allow "depends on" apps for a given app to work,
However, what if I want to only allow the "child" application, but not the parent?
My example is "logmein." We explicitly block it since it violates policies to have employees to set up their own remote access into our network. However, Microsoft uses LogMeIn as a support tool. I think that functionality is the "logmeinrescue" application.
So how can I set up my security policy to allow logmeinrescue, but not allow generic logmein? I'm not sure if it is possible.
If some app depends on other then both have to be permitted.
For example when you go to google-translate then web-browsing application is first detected and then later on application shift happens and application will turn to google-translate.
If you would block web-browsing then you could never get to google-translate and you could not use it.
Maybe someone has better idea but of the top of my head I would give few.
- Have limited number of people who you give logmein permission (maybe helpdesk).
- Limit logmein during working hours only (then users can't log into computer when they go home after work)
- Set up continue page for logmein so persons would have to click continue button manually on fw response page (or know overide password).
- Set up Group Policy to log off inactive users. So when users go home their workstations log off. And create Firewall policy that blocks unauthorized users to access internet (maybe only software-update sites).
- Set up reporting and punish non behaving users :)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!