Hello everyone,

We use GCPW for Windows authentication at our company, and it also allows us to install software on our client PCs within our domain. Among the software installed is a GLPI Agent that reports hardware configurations to us. Recently, we discovered a computer outside our domain that had these software packages installed. Although the programs were theoretically publicly accessible, the exact configurations and server endpoints were distributed only through Google settings, leading us to believe that Google may have distributed them to a device outside our domain.

We are now questioning how such a situation could occur and whether software deployment via GCPW should generally be considered insecure. Has anyone else experienced similar issues or have insights into this matter?

Looking forward to hearing your thoughts and experiences.