Author Topic: Applications Detection Method  (Read 1729 times)

Offline Carl87

  • Newbie
  • *
  • Posts: 5
    • View Profile
Applications Detection Method
« on: August 14, 2019, 07:17:19 AM »
Hi,
We are slowly introducing applications base install in our environment.
However we are facing issues with the detection method, as you may now SCCM powershell scripts detection method runs as user context for deployments user available.
In our environment for security reasons, we are restricting the usage of powershell and CMD.
So users who are not allowed to run powershell, can not go to the catalog and install applications where the detection method is a powershell script.
Do you have any alternative, or you can provide other detection method for applications (I generally use registry keys in most of my apps)
Thanks in advance

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 2104
    • View Profile
    • Patch My PC Support
Re: Applications Detection Method
« Reply #1 on: August 14, 2019, 07:20:53 AM »
Hey Carl,

We only support Powershell detection methods. We came across this issue where an application detection method runs under user-context even when the deployment type is set to Install Per SYSTEM. Seems like odd behavior to us and we are working with the Microsoft product group to try to understand if this is by design or could be changed.

One option would be to allow signed scripts or even scripts only signed by your code-signing certificate. I'm not entirely sure what method you are using to block it, but this would be the only workaround I can see with the current ConfigMgr execution behavior for user-based deployments.

Hi,
We are slowly introducing applications base install in our environment.
However we are facing issues with the detection method, as you may now SCCM powershell scripts detection method runs as user context for deployments user available.
In our environment for security reasons, we are restricting the usage of powershell and CMD.
So users who are not allowed to run powershell, can not go to the catalog and install applications where the detection method is a powershell script.
Do you have any alternative, or you can provide other detection method for applications (I generally use registry keys in most of my apps)
Thanks in advance

Offline Carl87

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: Applications Detection Method
« Reply #2 on: October 30, 2019, 03:51:50 AM »
Hi Justin,

Do you have an update status, on the detection method subject ?
Do you know what plan microsoft has to fix this behaviour

Thanks in advance

Offline Justin Chalfant

  • Patch My PC Support
  • Administrator
  • Hero Member
  • *****
  • Posts: 2104
    • View Profile
    • Patch My PC Support
Re: Applications Detection Method
« Reply #3 on: October 30, 2019, 08:02:19 AM »
With regards to it executing under user-context? That will seems to be by design from the SCCM product group. We did fix some of the issues where you may get access denied due to the way that log was saved.

Hi Justin,

Do you have an update status, on the detection method subject ?
Do you know what plan microsoft has to fix this behaviour

Thanks in advance