Re: Prevent users from installing software
From: KR (kreal@concentric.net)
Date: 03/16/03
- Next message: Wesley: "Forgot My Password On My HP iPAQ h1910"
- Previous message: Tim Hidden: "Log on"
- In reply to: Mike: "Prevent users from installing software"
- Next in thread: Tony Sheppard: "Re: Prevent users from installing software"
- Reply: Tony Sheppard: "Re: Prevent users from installing software"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "KR" <kreal@concentric.net> Date: Sun, 16 Mar 2003 22:33:48 GMT
Hope this helps
I found this response tru a Google search:
"If your users have administrator rights, it is not possible to prevent them
from installing software - in fact, if they have administrator rights they
can do anything to the machine they want. Group policy can't really help you
in that case, other than making it harder for the user to find a way to do
what they want.
Power users also have fairly loose permissions on a machine - for example,
they can write to parts of HKEY_LOCAL_MACHINE in the registry, which gives
them quite a bit of leeway.
The only way to make sure that users can't install software on a machine is
to give them user rights only.
That said, there are a variety of policy settings you can configure that
should prevent power users (but not administrators) from installing software
in most cases. For example, you could try doing the following through
policy:
1. Block access to the command prompt by setting the "Prevent access to
command prompt" policy.
2. Block access to task manager by setting the "Remove task manager" policy.
3. Set the "Don't run specified Windows applications" policy to block
execution of "setup.exe" and "msiexec.exe"
That would prevent most installs from happening. Note that the first two
settings are needed to prevent circumvention of the third.
The exact set of policie you would want to use would depend on how locked
down you want to make the machine. Also, if your users have power user
rights there is no guarantee that they can't find a way to circumvent your
policies. The bottom line is that you can make it hard for them to install
software, but if they have the necessary rights to write to the registry and
%programfiles%, they can probably find a way to do it if they really want to
badly enough.
If your clients are running Windows XP, you can also consider using Software
Restriction Policies, which allow you to effectively block anything from
running except approved programs. This is much more foolproof than the above
method, but isn't available for Windows 2000 clients.
-Mike"
"Mike" <Reply@Newsgroup.nogo> wrote in message
news:#jw5yr#6CHA.2328@TK2MSFTNGP10.phx.gbl...
> Can anyone tell me how to prevent certain users from installing new
software
> on their computers.
> All networked PC's are running W2K Pro. I would still want to allow
> Administrators to install software if need be.
>
>
>
- Next message: Wesley: "Forgot My Password On My HP iPAQ h1910"
- Previous message: Tim Hidden: "Log on"
- In reply to: Mike: "Prevent users from installing software"
- Next in thread: Tony Sheppard: "Re: Prevent users from installing software"
- Reply: Tony Sheppard: "Re: Prevent users from installing software"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
