{"id":75559,"date":"2023-05-25T17:07:19","date_gmt":"2023-05-25T21:07:19","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=75559"},"modified":"2023-06-05T13:09:10","modified_gmt":"2023-06-05T17:09:10","slug":"manage-software-restrictions-using-policies","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies","title":{"rendered":"Manage Software Restrictions Using Policies"},"content":{"rendered":"\n<p>To protect a device from potential threats, you can control access to it by identifying which applications should be allowed access or which should be blocked. In the JumpCloud Admin Portal, you use a policy to create this list.<\/p>\n\n\n\n<p>JumpCloud&#8217;s policy framework lets you remotely apply configuration settings to one managed device or the entire fleet in your organization. These policy settings let you customize your managed devices and make them more secure.<\/p>\n\n\n\n<p>You can create the following policies to specify locations where applications can run or can\u2019t run:<\/p>\n\n\n\n<ul>\n<li>Software Restrictions (Windows devices)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Allow vs. Deny&nbsp;<\/strong><\/h2>\n\n\n\n<p>JumpCloud provides two primary approaches for managing which applications get access to a device \u2014 allowing access or denying it. Both methods have their pros and cons. The right choice depends on your organization\u2019s needs and goals.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Denying Access<\/strong><\/h3>\n\n\n\n<p>Creating a list to restrict access is the traditional approach to access control and has long been used by anti-virus tools, spam filters, and other security software programs. This approach is threat-centric. Any application or directory not on the deny list is granted access, but anything that\u2019s known or expected to be a threat is blocked.<\/p>\n\n\n\n<ul>\n<li>The denial of access approach works on a simple principle\u2014identify the known and suspected threats, deny them access, and let everything else go.<\/li>\n\n\n\n<li>A deny list can never be comprehensive since new threats emerge constantly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Allowing <\/strong>Access<\/h3>\n\n\n\n<p>Instead of creating a list of threats, you create a list of permitted applications and directories and block everything else. This approach is based on trust, and the default is to deny anything new unless it\u2019s proven to be acceptable, resulting in a much stricter, more secure approach to access control.<\/p>\n\n\n\n<ul>\n<li>Use an allow list reduces risks of someone maliciously gaining access to your device more than a deny list.<\/li>\n\n\n\n<li>While using an allow list&nbsp;offers stronger security, it can also be more complex to implement. If you regularly change the tools you use, you also need to update your list.<\/li>\n\n\n\n<li>Using a&nbsp;list of allowed applications also restricts what users can do with their devices. They can\u2019t install something they might need if an administrator doesn\u2019t know about it and allow it, which limits their creativity and the tasks they can perform.<\/li>\n<\/ul>\n\n\n\n<p>Creating a deny list is normally used when administrators want to make it easy for users to access devices, and to minimize administrative effort. For example, an IT admin in charge of the devices for a school may want to block specific applications such as games or streaming, but generally allow various apps for students to do their work.<\/p>\n\n\n\n<p><strong>Considerations:<\/strong><\/p>\n\n\n\n<ul>\n<li>Even if you add an application to a&nbsp;deny list or leave it off the allowed&nbsp;list, the JumpCloud policy doesn\u2019t perform the following actions:\n<ul>\n<li>Prevent a user from downloading an application restricted by your policy.<\/li>\n\n\n\n<li>Forcibly remove any applications already downloaded.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>If you log on to a device where a deny list or allow list policy is applied, and you use an account with administrator privileges, you can bypass the policy restrictions if necessary. If you&nbsp;select the option to&nbsp;<strong>Exclude Administrator<\/strong>&nbsp;from the policy, when you right-click on an app and select run as administrator, you\u2019ll see the following behavior:\n<ul>\n<li>If you\u2019re in the Administrators group, the app starts normally.<\/li>\n\n\n\n<li>If you aren\u2019t in the Administrators group, you\u2019ll have to select a username in the administrators group and enter that user\u2019s credentials before the app starts.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Users can move application files from a&nbsp;folder on the deny list to the desktop. If they do, the denial of access policy no longer applies since the files are in a different folder. This means the user can run these files and your policy restrictions won\u2019t apply.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>To protect a device from potential threats, you can control access to it by identifying which applications should be allowed [&hellip;]<\/p>\n","protected":false},"author":201,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2852,2862,3079],"support_tag":[],"coauthors":[2835],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Manage Software Restrictions Using Policies - JumpCloud<\/title>\n<meta name=\"description\" content=\"To protect a device from potential threats, you can control access to it by identifying which applications should be allowed access or which should be blocked.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Manage Software Restrictions Using Policies\" \/>\n<meta property=\"og:description\" content=\"To protect a device from potential threats, you can control access to it by identifying which applications should be allowed access or which should be blocked.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-05T17:09:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"890\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"alexsnyder\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies\",\"url\":\"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies\",\"name\":\"Manage Software Restrictions Using Policies - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"datePublished\":\"2023-05-25T21:07:19+00:00\",\"dateModified\":\"2023-06-05T17:09:10+00:00\",\"description\":\"To protect a device from potential threats, you can control access to it by identifying which applications should be allowed access or which should be blocked.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Manage Software Restrictions Using Policies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Manage Software Restrictions Using Policies - JumpCloud","description":"To protect a device from potential threats, you can control access to it by identifying which applications should be allowed access or which should be blocked.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies","og_locale":"en_US","og_type":"article","og_title":"Manage Software Restrictions Using Policies","og_description":"To protect a device from potential threats, you can control access to it by identifying which applications should be allowed access or which should be blocked.","og_url":"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies","og_site_name":"JumpCloud","article_modified_time":"2023-06-05T17:09:10+00:00","og_image":[{"width":890,"height":525,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/07\/202405-MISC-JumpCloudHelpCenter-SiteDisplay-min-2.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes","Written by":"alexsnyder"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies","url":"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies","name":"Manage Software Restrictions Using Policies - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"datePublished":"2023-05-25T21:07:19+00:00","dateModified":"2023-06-05T17:09:10+00:00","description":"To protect a device from potential threats, you can control access to it by identifying which applications should be allowed access or which should be blocked.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/manage-software-restrictions-using-policies#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Manage Software Restrictions Using Policies"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75559"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/201"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75559\/revisions"}],"predecessor-version":[{"id":81546,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75559\/revisions\/81546"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=75559"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=75559"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=75559"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=75559"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}