Need Help Building GPO to allow ANDI

[IRLisDead]

Hello,

Firstly very sorry, as I am not well versed on ANDI or in web dev. My work is wanting to allow ANDI to function on our network.

I have been asked if the Dev Tools access is required to run/install ANDI as dev tools are blocked by our network by default.

Any other tips or examples of how ANDI was handled from a GPO perspective would be much appreciated. I am certain that some baseline STIGs are in the way as well.

Sorry for being so lost. If there is a more appropriate place for this question please let me know!

[JohnCotterSSA]

Dev tools is not required to run or install ANDI. ANDI is a bookmarklet - essentially a javascript that gets executed when a bookmark is activated. Are you having trouble getting ANDI to work, or just interested in the security aspects?

[IRLisDead]

Firstly, thank you so much for the response.

My org is wanting to better manage this tool. As of now, the only known way to get the tool to install is to allow the user dev tools access. Since you are telling me that shouldnt be the requirement I now know to look deeper into our settings to see if we are blocking the java.

I am curious if for an ORG that wants to control who can actually install the tool, if there are GPO settings ect. that we should be aware of for management.

I also assume that we should host it ourselves to allow better management of who has access. Is this correct?

Thank you again for your time. I am not well versed in this area so I appreciate the answers!

[JohnCotterSSA]

ANDI executes like a bookmark. Users are essentially just downloading some JavaScript and CSS files. Then those files are executed in the browser.

ANDI is hosted by SSA on SSA's public web servers. No data is collected from ANDI and sent to SSA. ANDI downloads jquery (a JavaScript DOM querying framework) from a CDN at google. Organizations may decide to host their own ANDI on their own web servers.