Re: restricting software installation

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 07/30/05


Date: Sat, 30 Jul 2005 13:32:15 -0700

One simply opens the AD Users and Computers mmc and then
navigates to where the new OU should be defined - for your case
a likely place would be within the location where your client
machine computer objects may be seen - and then right click on
that container within which the new OU will be defined and
select to define a New Organizational Unit there.
To define the new GPO you can click on the newly defined OU
and select to define a new GPO, and it will come already linked
onto the OU. If you have not yet, you may want to download the
GPMC tool findable at microsoft.com/downloads since the GPMC
much improves manageability features for GPOs.

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
<param@community.nospam> wrote in message
news:uc20TMykFHA.1244@TK2MSFTNGP10.phx.gbl...
> How would I go about setting up an OU and will that new OU disrupt my SBS
> configuration? I know SBS does a bunch of unique A/D stuff..
>
> TIA!
>
> "Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
> news:%236ot67xkFHA.3164@TK2MSFTNGP15.phx.gbl...
> > Nathan is correct, that if your client machines are XP at a relatively
> > native state as per initial install, then just making the domain users
> > log in as on Users group members will go a long way to restricting
> > their install capabilities (not stop it totally however).
> > The main vehicle today to go the next step is the same software
> > restriction policies you have been trying.  Just take a machine in
> > a new test OU, a test domain user account also in the OU, and
> > evolve your software restrictions in a new GPO that is linked to
> > that test OU.  When you get the desired result, link the GPO to
> > the OU that holds the real client machines.
> >
> > -- 
> > Roger Abell
> > Microsoft MVP (Windows Server System: Security)
> > MCDBA,  MCSE W2k3+W2k+Nt4
> > <param@community.nospam> wrote in message
> > news:O4Rd7HskFHA.1996@TK2MSFTNGP10.phx.gbl...
> >> Hi all,
> >>
> >> We run a single Server 2003 domain running on SBS2003. What I want to do
> >> is restrict users from installing programs on their machine. If they want
> >> to install a program they would have to call an Admin to do it. Ideally,
> >> it would be nice if I can have an approved list of programs that they can
> >> install, and anything not in the list they would have to contact an
> >> admin. Any suggestions/best practices on this? I have tried messing with
> >> the Software Restriction Policies in the gpedit tool, but that ended up
> >> giving all kinds of errors on the machines including error messages when
> >> Outlook was opened. Probably because of Adobe Professional plugins that
> >> get installed into Outlook & Office products.
> >>
> >> thanks!
> >>
> >
> >
>
>
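
Added example (not part of the post above or of the thread): the staged approach described in this thread, a test OU with its own linked GPO that is linked to the production OU only after testing, scripted with the ActiveDirectory and GroupPolicy PowerShell modules, which postdate this 2005 thread. The DNs, the OU and GPO names, and the test computer and user names are hypothetical placeholders; the software restriction rules themselves are still edited in the GPO editor.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example: every name and DN below is a hypothetical placeholder.
$ParentDn   = 'OU=Client Computers,DC=example,DC=local'  # where client computer objects live
$TestOuName = 'SRP-Test'
$TestOuDn   = "OU=$TestOuName,$ParentDn"
$GpoName    = 'Software Restriction - Pilot'

# 1. Create the test OU under the client-computer container (safe to re-run).
$ou = Get-ADOrganizationalUnit -SearchBase $ParentDn -SearchScope OneLevel `
        -Filter "Name -eq '$TestOuName'"
if (-not $ou) { New-ADOrganizationalUnit -Name $TestOuName -Path $ParentDn }

# 2. Create the GPO and link it to the test OU only.
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Comment 'Pilot: software restriction policy' | Out-Null
}
$links = (Get-GPInheritance -Target $TestOuDn).GpoLinks
if ($links.DisplayName -notcontains $GpoName) {
    New-GPLink -Name $GpoName -Target $TestOuDn -LinkEnabled Yes | Out-Null
}

# 3. Put one test machine and one test user in scope of the pilot GPO.
Get-ADComputer -Identity 'TESTPC01'   | Move-ADObject -TargetPath $TestOuDn
Get-ADUser     -Identity 'srp.tester' | Move-ADObject -TargetPath $TestOuDn

# 4. Edit the software restriction rules in the GPO editor, then run
#    `gpupdate /force` on the test machine and log on as the test user.

# 5. Once the pilot behaves as wanted: save a report of the settings,
#    then link the same GPO to the OU holding the real client machines.
function Publish-PilotGpo {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$ProductionOuDn,
        [string]$ReportPath = ".\$Name.html"
    )
    Get-GPOReport -Name $Name -ReportType Html -Path $ReportPath
    New-GPLink -Name $Name -Target $ProductionOuDn -LinkEnabled Yes
}
# Publish-PilotGpo -Name $GpoName -ProductionOuDn $ParentDn
```

Until Publish-PilotGpo is called, the GPO applies only to objects in the test OU, so a rule that breaks an application affects just the test machine and test account.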

