Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Install Permissions for users on Windows Domain

Posted on 2003-11-19
6
Medium Priority
?
401 Views
Last Modified: 2010-03-19
I am running a Windows 2000 Domain with about 500 users, my boss has asked me if we could give certain individuals rights to install programs, but only localy. He does not want them to install anything downloaded from the web. They are all users right now so they cannot install anything which is fine by me....however I have already exhausted the options of making them power users or Admin on the local machine only because he only wants them to be able to install something like a CDROM that came with a text book or something from media. Can this be done through group policys??  Any help would be greatly appreciated.


Thanks
0
Comment
Question by:sgunderson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Assisted Solution

by:pcbrat
pcbrat earned 500 total points
ID: 9783253
If you give them rights to install that means they have access to run Executables. The only way to block them from doing it from the NET is to have a proxy or ISA server and control what they can download. We use Websense...it defines what users have access to on the net through groups and permissions in AD..

There is no way to differentiate between what has been downloaded and what is on a CD....anything can be copied locally of a CD...so how do you tell the system that this was a download exe and not a CD exe???

dawne :)
0
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 500 total points
ID: 9783279
Hi sgunderson,

Either you allow them to install, or you don't. You will never be able to make a system that safely distinguishes between software downloaded from internet, and sw comming on a CD.

I am afraid you will have to tell your superior that this can only be done under the administration of the IT Dept. and will consequently require some resources, - i.e. he cannot get it for free, so he will have to consider what's the worst: saying to the secretaries (or whoever's been at him on the subject) that they will not be allowed to mess with the computers or spending some more money for e.g. a student assistant in the System Dept.

If you don't want to be rude to him, you could try asking him who will be responsible for any un-licensed software being installed on corporate computers ? And get the answer in writing, - otherwise you'll be the one taking the blame in the end!

Kind regards,
Sven
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9783613
Sven has hit the nail squarely on the head.  Pts to him.

0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:sgunderson
ID: 9788986
These are the answers I expected. Thank You Very Much.
0
 
LVL 1

Expert Comment

by:ThePowderedToastMan
ID: 9792055
Sven is right, HOWEVER, if you are running either Proxy Server or more recently ISA Server, you can handle this problem by using Group Policy, i.e., creating power user groups or using inherited permissions.  Then you ISA can inherit attributes from the group permissions and allow or disallow downloads from the internet.  Simple, but can be a bad one to set up if you have to route through a DMZ.
0
 

Author Comment

by:sgunderson
ID: 9798176
Thank You
PowderedToast
0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question