Do not allow users to uninstall F-Secure

Hi

 

In the "Centralized management" overview, I went to top level on one of my policy managers and then I removed the mark in "Allow users to suspend all downloads and updates" and also in "Allow users to uninstall F-Secure products" - In the option "Allow users to unload products" I selected "Not allowed" - And still the users are able to both uninstall F-Secure and stop the services.

 

Anyone have an idea why this does not work for me?

 

F-Secure Policy Manager Console - 11.00.47292

I tested this on two machines running Windows XP, one with Client security ver. 9 and one with ver. 11 and on one Win 7 machine with a ver. 10 client security. Every time, F-Secure could still uninstall.

 

Best regards

Morten Elmegård

Comments

  • BenBen Posts: 2,641 F-Secure Product Expert

    Hello Elme2,

     

    Did you "force value" so that to make sure the changes are  taken down on the whole structure?

    If not you can do that by going in advanced mode of the Policy Manager console, in the Policy Tab, under Management Agent>Settings>User Interface> Allow local uninstallation of f-secure products

    -Select the desired settings

    -Click on "Force value..." and confirm with OK

    -Distribute the Policy (Ctrl+D)

    -Make sure the client receive the new policy

     

    Also can you confirm that clients received the policy changes you applied?

     

    Finally note these restrictions will apply to "normal" user. User with admin rights will always be able to uninstall/modify our products.

     

    Cheers

  • Elme2Elme2 Posts: 5

    Hi Ben

     

    Thx for fast answer, I actually even tried to put it directly on a computer profile in policy manager and still it did not work.

     

    Now I tried to click force on these values, but it is without any luck.

     

    I'm not sure if I understand your last sentence correct:

     

    "Finally note these restrictions will apply to "normal" user. User with admin rights will always be able to uninstall/modify our products."

     

    I mean I want local administrators to not be able to uninstall, we manage more than 10.000 computers/users, many of those are local admins - My antivirus software needs to be able to lock the uninstall option, so that local administrators can't just go to add/remove programs and uninstall it, if they had to type a password it would be fine by me...

    What is the point of these options in F-Secure anyway, if this is only for non admins? I mean the non admins can't uninstall/install anything anyway.

     

    Cheers

  • BenBen Posts: 2,641 F-Secure Product Expert

    Hello Elme2,

     

    To clarify my last sentence please refer to the admin guide page 40 

    http://download.f-secure.com/webclub/pm11_adminguide_eng.pdf

    3.5.3 Restrictions
    Using restrictions, an administrator can restrict access to any policy variable from the user.
    Policy variables that are set to Disallow user changes always forces the setting: the policy variable overrides
    any local host value, and the end user cannot change the value as long as the Disallow user changes
    restriction is set.

     

    It is advisable from a security point of view for normal end user to perform their daily duty as normal user with corresponding rights. 

    If needed a local admin account should be provided separately and used only when needed. In that kind of set up, the user would be prompt to provide local admin credentials and password.

     

    Thank you.

This discussion has been closed.