Solved

Install Permissions for users on Windows Domain

Posted on 2003-11-19
6
391 Views
Last Modified: 2010-03-19
I am running a Windows 2000 Domain with about 500 users, my boss has asked me if we could give certain individuals rights to install programs, but only localy. He does not want them to install anything downloaded from the web. They are all users right now so they cannot install anything which is fine by me....however I have already exhausted the options of making them power users or Admin on the local machine only because he only wants them to be able to install something like a CDROM that came with a text book or something from media. Can this be done through group policys??  Any help would be greatly appreciated.


Thanks
0
Comment
Question by:sgunderson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 10

Assisted Solution

by:pcbrat
pcbrat earned 125 total points
ID: 9783253
If you give them rights to install that means they have access to run Executables. The only way to block them from doing it from the NET is to have a proxy or ISA server and control what they can download. We use Websense...it defines what users have access to on the net through groups and permissions in AD..

There is no way to differentiate between what has been downloaded and what is on a CD....anything can be copied locally of a CD...so how do you tell the system that this was a download exe and not a CD exe???

dawne :)
0
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 125 total points
ID: 9783279
Hi sgunderson,

Either you allow them to install, or you don't. You will never be able to make a system that safely distinguishes between software downloaded from internet, and sw comming on a CD.

I am afraid you will have to tell your superior that this can only be done under the administration of the IT Dept. and will consequently require some resources, - i.e. he cannot get it for free, so he will have to consider what's the worst: saying to the secretaries (or whoever's been at him on the subject) that they will not be allowed to mess with the computers or spending some more money for e.g. a student assistant in the System Dept.

If you don't want to be rude to him, you could try asking him who will be responsible for any un-licensed software being installed on corporate computers ? And get the answer in writing, - otherwise you'll be the one taking the blame in the end!

Kind regards,
Sven
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 9783613
Sven has hit the nail squarely on the head.  Pts to him.

0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:sgunderson
ID: 9788986
These are the answers I expected. Thank You Very Much.
0
 
LVL 1

Expert Comment

by:ThePowderedToastMan
ID: 9792055
Sven is right, HOWEVER, if you are running either Proxy Server or more recently ISA Server, you can handle this problem by using Group Policy, i.e., creating power user groups or using inherited permissions.  Then you ISA can inherit attributes from the group permissions and allow or disallow downloads from the internet.  Simple, but can be a bad one to set up if you have to route through a DMZ.
0
 

Author Comment

by:sgunderson
ID: 9798176
Thank You
PowderedToast
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let’s list some of the technologies that enable smooth teleworking. 
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question