In a recent legacy cleanup project, I had to deal with a common but tricky problem: portable software that never shows up in standard inventory.
In our case, it was 1C:Enterprise left on user machines over time, often copied and run without installation.
The environment is fairly large (~10,000 endpoints), and even though we rely on Microsoft System Center Configuration Manager, it quickly became clear that not everything was visible.
Some instances:
- weren’t listed in installed programs
- didn’t appear in SCCM inventory
- existed only as portable copies somewhere on disk
To get full visibility, I built a simple detection approach using only native Windows tools:
- Group Policy to deploy the logic
- Scheduled Tasks running at system startup
- A VBScript wrapper for silent execution
- PowerShell scanning local drives
- Centralized CSV logging
- Aggregation into a single Excel report
This approach required no agents and was easy to scale.
In the end, it helped identify 300+ machines with unauthorized or hidden installations that were completely invisible before.
I wrote a full step-by-step breakdown with screenshots and scripts here:
https://www.hiddenobelisk.com/detecting-portable-and-unauthorized-software-with-powershell-and-gpo/
Would be interested to hear how others handle similar cases when standard tools do not show the full picture.
Top comments (0)