Patch My PC Feature and Application Request
A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize request, please see:
A community where customers and the community can provide feedback to make a better product for everyone! For more details on how we prioritize request, please see:
Certain Governments are requesting that powershell on workstations run with CLM enabled. Using this feature enabled, the detection script used with PatchMyPc fails as it uses lines which are blocked. There already apparently is working scripts with the Intune version of the detection script with CLM enabled, Can we get this with the SCCM deployment version?
CLM aggressively lowers what can be done with PowerShell, which means most of our detection logic fails.
The solution to this is to configure your AppLocker policies to enable location based "whitelisting" and configuring code-signing for all detection / requirement scripts from the PMPC Publisher.
I do not believe there is anything else we can do.