RE: How to block users from installing other apps

From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 06/27/03

  • Next message: Jason_Irwin_at_Dell.com: "RE: How to block users from installing other apps" 
    To: "'Matthew Wagenknecht'" <Matthew.Wagenknecht@quantum.com>, "'Jane Han'" <janehan22@yahoo.com>
Date: Fri, 27 Jun 2003 11:16:20 -0400

    Inline comments...

    > You didn't mention what the client OS is, but I'll assume
    > Windows 2000. I'm not sure if it really matters any way.

    Yes, it does.
    >
    > Through Group Policies in Acitve Directory or Local Policies
    > on the individual machines, you can control what exe's are
    > allowed to be launched. Last time I did this was on a Windows
    > 95-based production environment so it's probably changed a
    > little. Just add in the exe names for the applications that
    > you want them to run and everything else would be blacked.

    And all the user has to do is rename a verboten app to the name of an
    allowed app. This is why XP/2003 introduced software restriction policies
    based on header hash, path (usually used to unrestrict apps), IE zone and
    digital signing.
    >
    >
    > However, an easy way around this would be to rename AIM.exe
    > to whatever_is_allowed.exe. I would recommend testing this to
    > make sure I haven't made any wrong assumptions.

    You haven't. It is doable.
    >
    > Good Luck.. It really is an HR issue, not a technical issue.

    Not entirely. *Some* apps may not even be things that users realize are
    apps. Think Comet Cursor and garbage like that. Think trojans. If users have
    administrative rights on their machines, it's a security issue, not just an
    HR issue.

    >
    > Oh, yeah. Wesly Noonan hit it on the nose.. Bad application
    > design is the real issue.

    Yup.

    -----------------------------------------------------------------------------
    ------------------------------------------------------------------------------

  • Next message: Jason_Irwin_at_Dell.com: "RE: How to block users from installing other apps"

    Relevant Pages

    • Re: Pressing Enter on ListBox should invoke DoubleClick
      ... For example, in Finder when you are looking at a list of files, if you hit the Enter key you are put into the "rename" mode. ... You may successfully argue that the vast majority of Windows applications don't use this paradigm, but I cannot take seriously any claim that insists that there is no alternative implementation of a list-based user-interface that cannot be just as "standard" or "intuitive". ... I think the only apps that don't do it are made by people who don't ...
      (microsoft.public.dotnet.languages.csharp)
    • Re: Vista so secure it doesnt need Anti-Virus
      ... Uninstall/Delete apps. ... Switch between windows in an active app. ... Select "Rename from the context menu". ... Looks like the second method for the Macintosh cuts down on mouse clicks ...
      (comp.sys.mac.advocacy)
    • Re: How do I rename WINDOWS directory to Windows
      ... >> I want to rename my WINDOWS directory to Windows. ... There are apps that do NOT write to the registry at all, ...
      (microsoft.public.windowsxp.general)
    • Re: Mac eye for the Linux guy?
      ... > I'm a Unix sysadmin (Linux, Solaris, *BSD) who has been running Linux ... Windows is not an option -- the Windows trolls need not ... GIU apps. ... > Are there any decent programs supporting multiple virtual desktops ...
      (comp.sys.mac.advocacy)
    • Re: Workspace/desktop switching
      ... or even CPU time on a remote machine (won't help if it's local, ... opening/closing individual app windows in actual computer ... Zope products (web apps). ... directory, 3) swap desktops, swap tabs, click "refresh" wait ...
      (Debian-User)