Re: Policy
From: Sam (sam.security_at_link.net)
Date: 09/13/04
- Previous message: Steven L Umbach: "Re: how to modify complexity password policy"
- In reply to: BOFH: "Re: Policy"
- Next in thread: Andrew Mitchell: "Re: Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Sep 2004 09:20:23 +0300
Thanks a lot for these information but may I ask you what is the steps to
restrict access to the C drive.
The new point came in my mind too is how to restrict any body how has a
Hardware device like USB memory or whatever.
"BOFH" <john.hamilton70@ntlworld.com> wrote in message
news:2qk79gF10j3cmU1@uni-berlin.de...
> I understand what you are saying...but what I tried to say is that Group
> Policy restricting access to the C drive and downloading from IE are
simply
> bypassed by clicking 'Open' rather than 'Save'
>
> It's most annoying. I run a secondary school network, and students opened
> an installation exe file when entering sites to setup games. The game
names
> changed frequently, so banning the program through GP was an ongoing
battle.
>
>
> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
> news:unE4nEPmEHA.2680@TK2MSFTNGP15.phx.gbl...
> > Hi,
> >
> > It depends on "installation". If program consist of single .exe file
user
> > will be able to download it (by default) and run it -- but this is not
> > installation -- this is running an application.
> >
> > Users that don't have administrator privileges on the system will not be
> > able to install applications that modify/write files to the program
files,
> > system folder and/or registry.
> >
> > I hope this makes it more clear then my previous post...
> >
> > Mike
> >
> > "BOFH" <john.hamilton70@ntlworld.com> wrote in message
> > news:2qjf0tFvobfnU1@uni-berlin.de...
> > > I must disagree with you on this point friend. The 'user' type may
> > restrict
> > > access to the registry and maybe installing from removable media...but
> it
> > > does not restrict a user from installing anything from the Internet.
> The
> > IE
> > > policy may be set so that someone cant download, which is all well and
> > good,
> > > but it does not prevent them from 'Opening from this location'
> > >
> > > IE allows this method of installation and as yet have not found a way
to
> > > block it.
> > >
> > >
> > > BOFH
> > >
> > > "Miha Pihler" <mihap-news@atlantis.si> wrote in message
> > > news:#Vb5aSLmEHA.3712@TK2MSFTNGP15.phx.gbl...
> > > > Being only user and not local administrator on this PC should
prevent
> > them
> > > > from installing/removing software.
> > > >
> > > > If this doesn't help you out, you will need to describe your
situation
> a
> > > bit
> > > > more.
> > > >
> > > > Mike
> > > >
> > > > "Sam" <sam.security@link.net> wrote in message
> > > > news:uyeuzMLmEHA.3288@TK2MSFTNGP10.phx.gbl...
> > > > > they are not administrators
> > > > > "Miha Pihler" <mihap-news@atlantis.si> wrote in message
> > > > > news:#kAUrFLmEHA.3452@TK2MSFTNGP15.phx.gbl...
> > > > > > Hi Sam,
> > > > > >
> > > > > > Are users local administrators on these computers?
> > > > > >
> > > > > > Mike
> > > > > >
> > > > > > "Sam" <sam.security@link.net> wrote in message
> > > > > > news:Ok3OT1KmEHA.704@TK2MSFTNGP09.phx.gbl...
> > > > > > > How can I set up a policy that says no user has the right to
> > install
> > > > or
> > > > > > > remove programs ?? but I don't want to go on each workstation
> and
> > do
> > > > it
> > > > > I
> > > > > > > need to apply it from the server.
> > > > > > > I am using windows 2003 server and XP, windows 2000 clients.
> > > > > > > Thanks
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
- Previous message: Steven L Umbach: "Re: how to modify complexity password policy"
- In reply to: BOFH: "Re: Policy"
- Next in thread: Andrew Mitchell: "Re: Policy"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
