Re: Restrict Applications
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/24/05
- Next message: Twas: "Missing security tab in Windows 2000"
- Previous message: kdc: "C++ RADIUS client"
- In reply to: Jardyus: "Re: Restrict Applications"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 24 Jun 2005 12:01:58 -0700
Yes, you could do it that way, applying one policy across the domain
and using an overriding GPO on an OU to exempt some machines.
However, beware: Software Restriction Policy only applies to
XP and W2k3, and is very powerful and takes some experimentation
to get used to. Also, I am speaking of Software Restriction Policy,
not older, weaker policy available in W2k.
http://support.microsoft.com/search/default.aspx?spid=global&query=%22software+restriction%22&catalog=LCID%3D1033&pwt=false&title=false&kt=ALL&mdt=0&cat=true&comm=1&ast=1&ast=2&ast=3&ast=9&mode=a&x=14&y=19
-- Roger Abell Microsoft MVP (Windows Security) "Jardyus" <yussil AT juno DOT com> wrote in message news:e55DftNeFHA.228@TK2MSFTNGP12.phx.gbl... > I just want to see if I understand what you're saying. The only software > restriction policy that I see is under User Config/Admin Templates/System. > If I block this program at the domain level will it affect all the computers > in the domain? And then I can create another OU with the policy disabled and > add the computers (Computer accounts in AD) that I want to be able to run > the app to that OU? > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message > news:ed4WKQHeFHA.2420@TK2MSFTNGP15.phx.gbl... > > You would likely want to define a new GPO, in group policy. > > You can search on either SAFER or Software Restriction Policy. > > A good place for overview and detail on use of group policy is > > http://microsoft.com/gp > > > > -- > > Roger Abell > > Microsoft MVP (Windows Security) > > MCSE (W2k3,W2k,Nt4) MCDBA > > "Jardyus" <yussil AT juno DOT com> wrote in message > > news:%23x6J9UDeFHA.2128@TK2MSFTNGP14.phx.gbl... > >> You are correct, in your assumption, and the client machines are XP. Can > > you > >> point to the location of the GPO. I cannot seem to find it in Computer > >> Config. Thanks. > >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message > >> news:O3DLwGDeFHA.688@TK2MSFTNGP14.phx.gbl... > >> >I am assuming you mean allow or disallow specific applications > >> > for use on specific machines, rather than configure a specific box > >> > to use a specific application as its shell and only executed > > application. > >> > > >> > If those client machines are XP then you could apply Software > >> > Restriction Policy via a GPO that has only the intended machines > >> > in its scope such as a GPO linked to the OU containing only those > >> > machines. As Software Restriction Policy is not a W2k feature > >> > you would find managing the settings of this GPO most convenient > >> > when done from a W2k3 or XP machine. > >> > > >> > -- > >> > Roger Abell > >> > Microsoft MVP (Windows Security) > >> > > >> > "Jardyus" <yussil AT juno DOT com> wrote in message > >> > news:%234uCmdCeFHA.3620@TK2MSFTNGP09.phx.gbl... > >> >> I am running a Windows 2000 domain. I would like to know if it is > >> >> possible > >> >> to configure specific computers to run or not run an application. I do > >> >> not > >> >> want this to apply to the entire domain, rather to select machines. If > >> >> anyone knows of a way to do this please let me know. Thanks. > >> >> > >> >> > >> > > >> > > >> > >> > > > > > >
- Next message: Twas: "Missing security tab in Windows 2000"
- Previous message: kdc: "C++ RADIUS client"
- In reply to: Jardyus: "Re: Restrict Applications"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
