Re: Limiting Users
From: Laura E. Hunter \(MVP\) (hunter(nospamplease)_at_sfs.upenn.edu)
Date: 04/22/04
- Next message: Laura E. Hunter \(MVP\): "Re: svvchost.exe"
- Previous message: salam: "Renewing certificate"
- In reply to: Elvin: "Limiting Users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 22 Apr 2004 10:56:51 -0400
A few thoughts:
1. Have you tried using the compatws.inf Security Template on your users
workstations? This is designed to relax security settings for use with
uncooperative software apps, while not allowing your users to run amok as
local admins - might allow you to take them out of the Power Users group,
depending on the app.
2. Are you using AD? Software Restriction Policies are your friend. You
can dictate which .exe's are (or are not) allowed to be run, regardless of
local security group memberships. It's better on 2K3, but the 2000 stuff
will still work. The following KB article:
http://support.microsoft.com/default.aspx?kbid=324036 should give you a good
start in getting this configured on your 2003 network. (I don't have a URL
handy for 2000, but the policy lives under User Configuration\Administrative
Templates\System\...there's "Run only allowed windows applications" and
"don't run specific windows applications.")
(All usual caveats regarding the need for testing and your mileage varying
apply.)
-- ****************************** Laura E. Hunter - MCSE, MCT, MVP Replies to newsgroup only "Elvin" <ElvinPena@Hotmail.com> wrote in message news:2cfe01c42877$325ab080$a301280a@phx.gbl... > Greetings! I have little problem with a few "rebellious" > users that simply won't cooperate with me. Due to > certain software we are using, these particular users had > to be placed in the "Power Users" local group. > Unfortunately, they've taken a liking to installing > software such as Webshots, Weatherbug, toolbars, and > other unnecessary, spyware infested software on their > machines. Is there a way for me to completely stop them > from installing anything on their machine, yet still > remain part of the "Power Users" group such that they can > continue to use their PCs normally? > > Thank you all in advance for your help.
- Next message: Laura E. Hunter \(MVP\): "Re: svvchost.exe"
- Previous message: salam: "Renewing certificate"
- In reply to: Elvin: "Limiting Users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
