10. Portable Apps
10.1 What is it, how does it work, and what's the danger?
Portable Apps are versions of many applications that can run on your system without administrative rights; they all run from USB or file system without "installation". Corporate standard software is rendered meaningless if anyone can bring in their own browser, word processor, file zipper, and email clients, and use them at will. See https://portableapps.com for the range of tools that can run from your USB
10.2 How to detect and stop
Group policy could block a specifically identified application such as the portable apps launcher, but if a portable app is launched individually without running the launcher, it is harder to block.
Security training and education could point out the obvious danger of using unauthorized software brought in on a USB drive. Since such portable apps are not actually installed and no registry changes are required, most of these can be executed without local administrator privileges. The security training and education has to emphasize that the danger of using such randomly obtained software is as stupidly risky and dangerous as opening email attachments from people you don't know.
Perhaps the most effective strategy would be to forestall a sense in the user community that they need to circumvent corporate IT and corporate security policy: be helpful and directly support the users and deliver services they need, that have been reviewed and secured, and verified to be compliant applications. If using approved software is the path of least resistance, and it supports user needs, users who deliberately continue to violate good security practice and corporate policy – perhaps should be appropriately disciplined.
10.3 Observation
There are many applications that do not require "installation" (which typically requires administrative rights); one already mentioned is ngrok.
Another way to run software on company owned computers without needing administrative rights is covered in the next part, under Desktop Virtualization: it's possible to run a Windows or Linux operating system in a virtual machine on your Windows, Linux, or Mac. One free platform is Oracle's VirtualBox. Since the user is the creator and admin of the virtual machine, she can install and use any software at all! More in the next section.