Endpoint Protection Policies didn't work

Hello,

unfortunately we have a little problem with the endpoints policy. So far we had blocked powershell for all users and groups via the base policy. But since we need powershell for certain scripts this way can't work for us.

We tried to block the Powershell for all employees except administrators via the policy, as well as to leave the base policy active and to release the Powershell for administrators via an extra policy.

Unfortunately this does not work. No matter which variant we used, either all users had access to the Powershell or none.

This is our Policy for Allowing Powershell. The only group that is activated is the Administrators group. The Base Application Control Policy blocks it for everyone first.



Edited tags
[edited by: Gladys at 3:01 PM (GMT -7) on 3 Jul 2023]
  • Thank you for reaching the community forum.

    How many policies do you have for Application control? If you only use the base Policy, this won't work. You need to Create two separate policies for your administrator that has allowed access and for your users that have blocked access. 

    Application control policy can be applied. either User base or Group based so you can select which users can have access by adding them to the policy where they need to reside or by group, Provided that those group/s have identified what level of access they require. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids