In some organisations IT admins blocks all executable to run on computers for various reasons. And, if the users run gotomeeting or webex sessions quite often then its a bit of a pain to allow it to run because of its complexity to install and run.
In this post, we will focus on how to allow gotomeeting to run on computers using SRP gpo. Assuming you are using SRP to block executable etc. You can use the same process for webex.
There are 2 ways you can achieve this goal depending on your environment.
1. Applocker
2. Software restriction policy to add cert rule
Applocker is my preferred way to go but it has some OS limitations. Please refer to the link here for more info.
Software restriction policy is a traditional and easiest way to block .EXE, .DLLs, scripts, windows installers. Please see the link here to compare the features and functions.
Allow gotomeeting step by step guide:
1. Install remote server administration tools if you haven’t installed already. (win7)Go to program and features area, on left hand side, click ‘Turn windows features on or off’ => In the windows features dialog box, expand ‘Remote server administration’ tool => expand ‘Feature management tool’ => group policy management tool => tick the box and ok.
2. Run gotomeeting on to your computer/ the computer where you have local admin rights
3. Once installed => open Group policy management on the same computer => Go to the SRP GPO you have created to block .exe => edit the GPO => go to computer configuration => windows settings => security settings => software restriction policies => additional rules => right click in the lift hand panel and click on new certificate rule
You will see the window below:
Click on browse and go to the location where the citrix gotomeeting files are saved. In my example its under the default location C:\Program Files (x86)\Citrix\GoToMeeting\4007
Select ‘All Files’ in the right corner drop box to see all gotomeeting files and then select G2MInstaller.exe or any gottomeeting executable file to get the certificate as its tied to executable. Once you select the .exe and ok out of it. You will see certificate subject name as in the image below:
Now, ok out of this window.
4. Run gpupdate /force on the test/ users machine and try to run gotomeeting
Concerns with this solution:
1. Expiration of the certificate ( IT checks the certificate validity before allowing the application to run. The certificate will need to be changed manually for this to continue to work. Not a big issue as the certificates are generally valid for a few years but this relies on manually changing).
2. This may also impact computer performance.
Thank you so much for reading and hope you find it useful!!!