• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 408
  • Last Modified:

Install Permissions for users on Windows Domain

I am running a Windows 2000 Domain with about 500 users, my boss has asked me if we could give certain individuals rights to install programs, but only localy. He does not want them to install anything downloaded from the web. They are all users right now so they cannot install anything which is fine by me....however I have already exhausted the options of making them power users or Admin on the local machine only because he only wants them to be able to install something like a CDROM that came with a text book or something from media. Can this be done through group policys??  Any help would be greatly appreciated.


Thanks
0
sgunderson
Asked:
sgunderson
2 Solutions
 
pcbratCommented:
If you give them rights to install that means they have access to run Executables. The only way to block them from doing it from the NET is to have a proxy or ISA server and control what they can download. We use Websense...it defines what users have access to on the net through groups and permissions in AD..

There is no way to differentiate between what has been downloaded and what is on a CD....anything can be copied locally of a CD...so how do you tell the system that this was a download exe and not a CD exe???

dawne :)
0
 
svenkarlsenCommented:
Hi sgunderson,

Either you allow them to install, or you don't. You will never be able to make a system that safely distinguishes between software downloaded from internet, and sw comming on a CD.

I am afraid you will have to tell your superior that this can only be done under the administration of the IT Dept. and will consequently require some resources, - i.e. he cannot get it for free, so he will have to consider what's the worst: saying to the secretaries (or whoever's been at him on the subject) that they will not be allowed to mess with the computers or spending some more money for e.g. a student assistant in the System Dept.

If you don't want to be rude to him, you could try asking him who will be responsible for any un-licensed software being installed on corporate computers ? And get the answer in writing, - otherwise you'll be the one taking the blame in the end!

Kind regards,
Sven
0
 
The--CaptainCommented:
Sven has hit the nail squarely on the head.  Pts to him.

0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
sgundersonAuthor Commented:
These are the answers I expected. Thank You Very Much.
0
 
ThePowderedToastManCommented:
Sven is right, HOWEVER, if you are running either Proxy Server or more recently ISA Server, you can handle this problem by using Group Policy, i.e., creating power user groups or using inherited permissions.  Then you ISA can inherit attributes from the group permissions and allow or disallow downloads from the internet.  Simple, but can be a bad one to set up if you have to route through a DMZ.
0
 
sgundersonAuthor Commented:
Thank You
PowderedToast
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now