Re: prevent application installations by power users
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 21 Feb 2007 10:10:49 -0500
In news:595C9DA8-A6D6-40F4-8394-571EF070A6B9@xxxxxxxxxxxxx,
jinu <jinu@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Hello,
Our domain users are locally power users.
Why?
Is there any way to block these users from installing applications.
They will be able to install some applications. Local Power Users are nearly
Administrators.
At GPO, told not to run regedit.exe
That wouldn't make any difference. You can do a lot of things via group
policy, but the best way to deal with this is to take away the permissions
so they're just Users. If you have software running on those PCs that won't
run right otherwise, see if you can change the permissions in the file
system & registry sufficiently so that ordinary users can write to those
areas as they need to. FileMon and RegMon may help you out here.
Regmon:
http://www.microsoft.com/technet/sysinternals/utilities/Regmon.mspx
Filemon:
http://www.microsoft.com/technet/sysinternals/utilities/filemon.mspx
OR Process Monitor
http://www.microsoft.com/technet/sysinternals/utilities/processmonitor.mspx
Regardless of what rights you give them, you should probably put together a
written Acceptable Computer Use policy that everyone has to sign.
But still now luck.
Please help.
.
- Prev by Date: Re: Viruses and Hack Tools on Windows XP
- Next by Date: Re: Printers and roaming profiles
- Previous by thread: Viruses and Hack Tools on Windows XP
- Next by thread: Re: Printers and roaming profiles
- Index(es):
Relevant Pages
|
|
