[QGIS-Developer] Blocking of SAGA & GRASS batch files by Windows AppLocker

pergler at gmail.com pergler at gmail.com
Fri Jun 17 08:55:58 PDT 2022


Dirk - and others:

I'm not a core developer, but I have some experience with AppLocker.

I believe your IT staff or perhaps even yourself ought to be able to code an
"Allow" permission exception in AppLocker, based for instance on the
guidance at
https://www.tenforums.com/tutorials/124016-use-applocker-allow-block-script-files-windows-10-a.html

You will have to allow scripts in directory
%userprofile%\AppData\QGIS\QGIS3\PROFILES\DEFAULT\PROCESSING

Or something like that, I don't have AppLocker active to test it out; it's
wherever the offending batch files get placed.

With all respect to innocent users like you caught in the middle, I do feel
that an application, like QGIS, that does processing can very reasonably be
expected to need to write and execute dynamic script files to communicate
with other programs. This is, in fact, arguably exactly why script files
were invented many years ago. Blanket forbidding their execution is a
simplified but overzealous security policy measure, and your IT department
should be willing to work with you to create an exception for your use case.
In fact, the running of scripts in a user-writable directory, whether they
are dynamically generated by trusted software like QGIS, or written manually
by you, is a pretty standard tool in running replicable geospatial analysis
of any sort. So I think the appropriate analog you should use in discussing
with your IT dept is that it would be equally unreasonable to preclude you
from running any new program (executable) files on your computer if you were
a developer who was compiling code!

On Fri Jun 17 05:06:18 PDT 2022, Dirk.Pispers at STADT-KOELN.DE wrote via
qgis-developer:

> Hi list,
>
> referring to the post "Blocking of SAGA & GRASS batch files by MS
> AppLocker<https://www.mail-archive.com/qgis-developer@lists.osgeo.org/msg51408.html>"
> in Aug 2020 I would like to reopen the discussion about the
> SAGA/GRASS/AppLocker problem.
>
> In my organisation AppLocker has recently been activated and the generated
> batch files from SAGA and GRASS processings are blocked now.
>
> Since switching to a different file location is not a valid solution as
> Nyall Dawson posted in 2020, is it possible to submit the command directly
> in QGIS instead of writing it into a batch file and calling this file?

---

Martin Pergler

mp at pergler.org
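
The "Allow" exception suggested in the message above, sketched as an added example that is not part of the original message or of QGIS. Assumptions: the directory is the one guessed in the message (unverified there), with `%OSDRIVE%\Users\*` standing in for `%userprofile%` because AppLocker path rules only expand their own variables; the rule name, generated GUID and temp file name are constructed here.

```powershell
#Requires -RunAsAdministrator
# Added example: AppLocker path rule allowing scripts in the QGIS Processing folder.

# 1. List what AppLocker actually denied, to confirm where the batch files land.
#    Script blocks are logged in the "MSI and Script" channel, not the default one.
Get-AppLockerFileInformation -EventLog -EventType Denied `
    -LogPath 'Microsoft-Windows-AppLocker/MSI and Script' | Format-List

# 2. Rule parameters. The path is the message's guess; replace it with the
#    location reported by step 1. S-1-1-0 is the well-known SID for Everyone.
$rulePath = '%OSDRIVE%\Users\*\AppData\QGIS\QGIS3\PROFILES\DEFAULT\PROCESSING\*'
$ruleId   = [guid]::NewGuid().ToString()
$ruleSid  = 'S-1-1-0'

# 3. Policy fragment holding only the new rule, in the Script rule collection.
$xml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Script" EnforcementMode="NotConfigured">
    <FilePathRule Id="$ruleId" Name="Allow QGIS Processing batch files"
                  Description="Generated SAGA/GRASS batch files"
                  UserOrGroupSid="$ruleSid" Action="Allow">
      <Conditions>
        <FilePathCondition Path="$rulePath" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
$policyFile = Join-Path $env:TEMP 'qgis-processing-allow.xml'
Set-Content -Path $policyFile -Value $xml -Encoding UTF8

# 4. Merge into the local policy; -Merge adds the rule to the existing ones
#    instead of replacing them. For a domain GPO, IT would add -Ldap <GPO path>.
Set-AppLockerPolicy -XmlPolicy $policyFile -Merge

# 5. Confirm the rule is now present in the local policy.
$local = [xml](Get-AppLockerPolicy -Local -Xml)
$local.SelectNodes("//FilePathRule[@Id='$ruleId']") |
    Select-Object Name, Action, UserOrGroupSid
```

A path rule on a user-writable directory allows every script placed there, not only the ones QGIS generates, so setting `$ruleSid` to the SID of a group containing only the QGIS users keeps the exception narrower than Everyone.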

 
