Re: Software Restriction Hash

From: klose (norepl_at_noreply.com)
Date: 02/21/04 

Date: Sat, 21 Feb 2004 09:49:36 -0500

Hi Steve,

It is a 2003 AD domain and GP.
These policies are being applied on XP Pro.

I am already working from the white paper you referred and have been
reviewing your similar related posts.
There is some other issue going on.

The hash was created, in this case AOL V9, in the machine GP policy.
The same copy of the software was moved to the XP pro client and tested. The
hash is an exact match.
I have been testing this GP on a test container and new GP with only these
options. The user and the machine are both getting this GP applied and
confirmed with gpupdate/result.

Specifically, the option which prevents local admins is not working.
When a regular user logs on, they are prevented to install. When a local
admin logs on, they can freely install the software.

The path rule could be used, and I have not tried that yet. But the Hash
should block the install. I prefer to get the hash working to prevent the
exe from running at all.

I wonder if there is some other local or GP that overides this local admin
rule.

"Steven L Umbach" <sumbach@nospam-ameritech.net> wrote in message
news:0dHZb.12777$PY.8511@newssvr26.news.prodigy.com...
> I assume this is an XP Pro or W2003 machine as SRP do not work on W2K
> machines. Possibly the administrator is using a different version of the
> application that does not correspond to the hash. See link below for more
> details on SRP as you may also want to try path rules in addition to
> ash. -- Steve
>
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/maintain/rstrplcy.asp
>
> "Klose" <noreply@noreply.com> wrote in message
> news:1403701c3f837$60d83e20$a001280a@phx.gbl...
> > My GP Machine software restriction hash prevents a user
> > from installing an applicaiton OK , but still allows the
> > local admin to install it.
> > The option was set to ALL USERS, so the local admins
> > could not bypass it.
> >
> > Why doesn't this work?
>
>

Relevant Pages

  • Re: Three Day Activation
    ... I decided to install a video card and uninstall my onboard ... > the number of changes and how it compares to the hash that is ... repair install of XP Pro. ... I was immediately locked out of XP Pro, and could only boot in safe mode. ...
    (microsoft.public.windowsxp.general)
  • Re: Installing Software without being Local Admin?
    ... If they are running this ill behaved program on laptops you are about to hit a roadblock that probably can't be overcome. ... Some of you may remember back in June I posted a topic entitled 'Network Computer Games on Business Machines' which detailed the problem we were having with some of our users installing software & games on their machines, as they were local admins. ... So I need to find someway of allowing users to install fix packs/re-install the software, without giving them full local admin access. ...
    (microsoft.public.security)
  • Installing Software without being Local Admin?
    ... Computer Games on Business Machines' which detailed the problem we were ... as they were local admins. ... someway of allowing users to install fix packs/re-install the software, ...
    (microsoft.public.security)
  • Re: Sweet mother of Pete........
    ... "Power Users", but NO local admins. ... than you can imagine every day because my users can't install things. ... I'm POSITIVE the sigs were up to date. ... just pull out of his local address book. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Name Changes
    ... What do they actually need to install all the time? ... If they're local admins, they can usually do what they like. ... purports to scan for spyware as well. ... >> don't add any domain users to the local machines' local groups. ...
    (microsoft.public.exchange2000.admin)
Loading