Solved

Install Permissions for users on Windows Domain

Posted on 2003-11-19
6
388 Views
Last Modified: 2010-03-19
I am running a Windows 2000 Domain with about 500 users, my boss has asked me if we could give certain individuals rights to install programs, but only localy. He does not want them to install anything downloaded from the web. They are all users right now so they cannot install anything which is fine by me....however I have already exhausted the options of making them power users or Admin on the local machine only because he only wants them to be able to install something like a CDROM that came with a text book or something from media. Can this be done through group policys??  Any help would be greatly appreciated.


Thanks
0
Comment
Question by:sgunderson
6 Comments
 
LVL 10

Assisted Solution

by:pcbrat
pcbrat earned 125 total points
ID: 9783253
If you give them rights to install that means they have access to run Executables. The only way to block them from doing it from the NET is to have a proxy or ISA server and control what they can download. We use Websense...it defines what users have access to on the net through groups and permissions in AD..

There is no way to differentiate between what has been downloaded and what is on a CD....anything can be copied locally of a CD...so how do you tell the system that this was a download exe and not a CD exe???

dawne :)
0
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 125 total points
ID: 9783279
Hi sgunderson,

Either you allow them to install, or you don't. You will never be able to make a system that safely distinguishes between software downloaded from internet, and sw comming on a CD.

I am afraid you will have to tell your superior that this can only be done under the administration of the IT Dept. and will consequently require some resources, - i.e. he cannot get it for free, so he will have to consider what's the worst: saying to the secretaries (or whoever's been at him on the subject) that they will not be allowed to mess with the computers or spending some more money for e.g. a student assistant in the System Dept.

If you don't want to be rude to him, you could try asking him who will be responsible for any un-licensed software being installed on corporate computers ? And get the answer in writing, - otherwise you'll be the one taking the blame in the end!

Kind regards,
Sven
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9783613
Sven has hit the nail squarely on the head.  Pts to him.

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:sgunderson
ID: 9788986
These are the answers I expected. Thank You Very Much.
0
 
LVL 1

Expert Comment

by:ThePowderedToastMan
ID: 9792055
Sven is right, HOWEVER, if you are running either Proxy Server or more recently ISA Server, you can handle this problem by using Group Policy, i.e., creating power user groups or using inherited permissions.  Then you ISA can inherit attributes from the group permissions and allow or disallow downloads from the internet.  Simple, but can be a bad one to set up if you have to route through a DMZ.
0
 

Author Comment

by:sgunderson
ID: 9798176
Thank You
PowderedToast
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can't connect to WAMP server 5 54
MAC address learning of Riverbed 4 45
winscp 000webhost.com 6 53
vSphere 5.5 - move subnet to another data center? 2 12
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question