none
ConfigMgr + FSLogic RRS feed

  • Question

  • Hi,

    I'm considering using FSLogix in a school environment - We currently use ConfigMgr to deploy applications and I was wondering how interplay between App masking and ConfigMgr detection methods are handled. For example, if a computer is deployed Adobe Reader (with a MSI, registry or file path detection rule) via ConfigMgr, and a user logs in with Adobe Reader masked via FSLogix Rule editior, will ConfigMgr try to redeploy the software?

    I was also wondering if AppX/UWP Apps can be masked using FSLogix, or does that still need to be done via AppLocker?

    Thankyou

    Thursday, October 24, 2019 4:53 AM

Answers

  • The rule assignments are pretty flexible.  I am not very familiar with ConfigMgr so I cannot say with full confidence that there would be no issues, but it would possible for example to hide Adobe Reader using the rules for user1, but allow a ConfigMgr process to see it.  Even if the configMgr process is running as the user.  The first matching assignment in the list would take effect so you would say:
    configmgr.exe (not sure if this correct just an example) -> Does Not Apply
    User1->Applies

    Now the user would not see the app through explorer or anything, but ConfigMgr.exe would.  Even if it is running as User1.

    Does that help?

    You would still need to use AppLocker for the UWP apps.
    • Edited by Brian Mann1 Thursday, October 24, 2019 7:43 PM
    • Marked as answer by Michael.G.M Friday, October 25, 2019 1:11 AM
    Thursday, October 24, 2019 7:41 PM

All replies

  • The rule assignments are pretty flexible.  I am not very familiar with ConfigMgr so I cannot say with full confidence that there would be no issues, but it would possible for example to hide Adobe Reader using the rules for user1, but allow a ConfigMgr process to see it.  Even if the configMgr process is running as the user.  The first matching assignment in the list would take effect so you would say:
    configmgr.exe (not sure if this correct just an example) -> Does Not Apply
    User1->Applies

    Now the user would not see the app through explorer or anything, but ConfigMgr.exe would.  Even if it is running as User1.

    Does that help?

    You would still need to use AppLocker for the UWP apps.
    • Edited by Brian Mann1 Thursday, October 24, 2019 7:43 PM
    • Marked as answer by Michael.G.M Friday, October 25, 2019 1:11 AM
    Thursday, October 24, 2019 7:41 PM
  • Ahh yep OK, I understand where you're coming from - This will require some testing.

    Thanks very much

    Friday, October 25, 2019 1:11 AM