Install to Program Files instead of appdata due to blocking EXEs from other locations
We are implementing AppLocker to block ALL EXEs from running from locations other than Windows and Program Files. We know we could make an exception, however it is still a vulnerability as users can still alter data in the appdata. In addition, for every user it will have an individual install. I understand the ease of use and profile-based configuration that Teams is geared towards, however we would like BOTH options for enterprise and education environments.
I completely agree.
On Windows Enterprise editions, there is no reason for the user to be the one installing applications.
With GPOs, it is possible to assign / distribute the MSI versions while respecting the "Program Files" folders.
It is abnormal for an EXE/DLL to end up in a folder the user is allowed to write to.
The rule should be simple: if the folder is writable, it must be impossible to execute an EXE/DLL/script located there.
Please make security a priority.
Jacob Hill commented
I can't believe Teams isn't installed in Program Files. Makes app whitelisting quite painful.
Chris Campbell commented
The policy of installing executables in the user's appdata folder means that the computer must be made insecure to use Teams. An option to install in a location such as %programfiles% is needed.
Bjørn T commented
YES to this. I have locked local storage on Intune PCs for elementary school students. They have their own users to log on, and Teams needs to install on every user; that is quite unnecessary, and sometimes it bugs out and never installs itself as well. If we could get an install to programfiles, at least it would be available to all users at all times.
We will be unable to utilize Teams until this issue is resolved.