With help from this forum I've been able to identify and label a group of computers that are authorized to run a particular legacy application. How would I prevent the application from being executed on all of our KACE managed computers except for the authorized group? The "Disallowed Programs Policy" script makes it pretty easy to block execution from a defined set, but it wasn't readily apparent how to do the inverse, i.e., block execution from everything except a defined set. Thanks much!
0 Comments   [ + ] Show Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.


I would make a label whose conditions is the inverse of the other one.

You could also make a label that fires after the other one that checks to see if it's in the other label and if it isn't then label it -- this would be a custom filter.
Answered 12/08/2010 by: GillySpy
Seventh Degree Black Belt

Please log in to comment
A Smart label that looks for a common criteria (like domain name or OS Name), and NOT in the authorized label might be another similar approach.
Answered 12/09/2010 by: cblake
Red Belt

Please log in to comment
Thanks all. Defining the inverse was not as hard as I thought it would be. Within the Scripting/Custom Inventory capabilities, I couldn't find any "Logical Not" functionality, but the capability does exist when defining a Smart Label. So I created a manual label (e.g., "AuthorizedMachines") associated with all the computers authorized to run the software, then created a Smart Label (e.g., "DenyExecute" defined by "Label Name" "does not contain" "Authorized Machines".

So now I can run the "Disallowed Programs Policy" script against the "DenyExecute" label to block them from running the app, and control who can run the app by adding/removing the machine from the "AuthorizedMachines" label.

Anything I should be concerned about with this approach?
Answered 12/10/2010 by: kawelea
Orange Belt

Please log in to comment
Answer this question or Comment on this question for clarity