Controlling installation of software from the cloud
Discussion
Interested to hear of peoples experiences and recommendations please?
I manage an estate of > 200 Windows 7 Pro and Windows 10 Pro desktops and laptops spread over 15 sites. A lot of the remote sites have just a handful of computers, no server and are not VPN'd to the head office - they just have a BT broadband link to access corporate web-based software.
I'd like to audit the software installed on each PC remotely and also limit installations via a whitelist. As the PCs are not in a single domain I'm looking for something cloud based to do the central management. The easier and cheaper the better, with "easy" taking precedence over "cheap" if required.
What's the best approach?
Thanks in advance!
I manage an estate of > 200 Windows 7 Pro and Windows 10 Pro desktops and laptops spread over 15 sites. A lot of the remote sites have just a handful of computers, no server and are not VPN'd to the head office - they just have a BT broadband link to access corporate web-based software.
I'd like to audit the software installed on each PC remotely and also limit installations via a whitelist. As the PCs are not in a single domain I'm looking for something cloud based to do the central management. The easier and cheaper the better, with "easy" taking precedence over "cheap" if required.
What's the best approach?
Thanks in advance!
Not sure about audit but you can use InTune MDM to manage PCs as well as mobile devices:
https://docs.microsoft.com/en-gb/intune-classic/de...
https://docs.microsoft.com/en-gb/intune-classic/de...
We're looking at this for our school as we now provide support for some others too.
https://senso.cloud/#home
https://senso.cloud/#home
Cheers guys. It's the whitelisting in particular I'm interested, would like to go for Cyber Essentials certification for the company. Want to control what is installed on each PC.
I've been reading up on Carbon Black today: https://www.carbonblack.com/products/cb-protection...
I've been reading up on Carbon Black today: https://www.carbonblack.com/products/cb-protection...
I don't know your setup but I would be very surprised if software management is the only thing stopping your remote offices being compliant.
Usually in this situation companies are better off doing what they need to do to ensure the remote office pcs are outside the scope of the certification. Otherwise not only are the pcs in scope, the whole network is.
Usually in this situation companies are better off doing what they need to do to ensure the remote office pcs are outside the scope of the certification. Otherwise not only are the pcs in scope, the whole network is.
giveitfish said:
Cheers guys. It's the whitelisting in particular I'm interested, would like to go for Cyber Essentials certification for the company. Want to control what is installed on each PC.
I've been reading up on Carbon Black today: https://www.carbonblack.com/products/cb-protection...
You don't need to do that for Cyber Essentials or Cyber Essentials Plus.I've been reading up on Carbon Black today: https://www.carbonblack.com/products/cb-protection...
Wanting to control what's installed is sensible, but Cyber Essentials is around much more basic sensible things such as not giving everyone in the company admin rights.
well from what you've said it sounds like you have insufficient control over the machines, so it's hardly an assumption. I hope the employees you support don't have access to customer data or anything that might leave your employer exposed, but if you don't know what apps they use you probably don't know what data they are using either.
Sorry I was a bit snippy, but you're just reinforcing my point.
The whole point of my original question was to get a feel for how others are doing exactly that - controlling what software is installed - in an environment which does not look like a large corporate setup.
I'm sure everything is very pretty looking down from your ivory tower, but in my current organisation there will be no tower until I've first laid some foundations. At this stage that won't involve a corporate WAN or VDI but if I can find a decenct endpoint management and control tool that will be a start.
The whole point of my original question was to get a feel for how others are doing exactly that - controlling what software is installed - in an environment which does not look like a large corporate setup.
I'm sure everything is very pretty looking down from your ivory tower, but in my current organisation there will be no tower until I've first laid some foundations. At this stage that won't involve a corporate WAN or VDI but if I can find a decenct endpoint management and control tool that will be a start.
Edited by giveitfish on Sunday 28th May 21:54
bhstewie said:
giveitfish said:
The whole point of my original question was to get a feel for how others are doing exactly that - controlling what software is installed - in an environment which does not look like a large corporate setup.
Admin Rights is the single biggest thing you can do here.Are all the devices owned by the company? Or is it a bring your own device scheme?
If the first, then why not look at Azure's cloud hosted active directory? Offers the same Group Policy settings as a full blown server, but allows the flexibility of connectivity across multiple sites without VPN's etc.
If the first, then why not look at Azure's cloud hosted active directory? Offers the same Group Policy settings as a full blown server, but allows the flexibility of connectivity across multiple sites without VPN's etc.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff