Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How to prevent users from installing programs?

Posted on 2004-10-14
3
Medium Priority
?
8,129 Views
Last Modified: 2013-12-04
Hi there,

I am an technical supporter and quite often I encounter the problems caused by users installing some unauthorized programs. I supposed that by setting MMC prolicy I should be able to block those unexpecting uses. I have done some studys and researchs on the use of MMC prolicies but couldn't figure out a way.

My questions are: 1) if one can use any settings within the MMC to prevent users from install programs on their computers; 2) anyway to hide some of the Control Panel's icons?

Any tips regrading the topic will be most appreciated. Thanks very much for your help!!

Clement
0
Comment
Question by:clementy
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
sstoyanovich earned 1500 total points
ID: 12311293
Suggestion #1:  Consider making the users just Users, and making sure they don't have Administrator privilege on the machine.

Suggestion #2: Software Restriction Policy.  It sounds like you need to do this locally, and not via GPO's in an Active Directory domain.  If so, from Administrative Tools, open Local Security Settings.  Under Security Settings, you'll see Software Restriction Policies.  Right-click and Create New Policy.  Then under Security Levels, you can set Disallowed as the default.  This means all programs except the ones you specify will be disallowed.  Under Additional Rules, you can add rules if you need your users to be able to run programs from locations other then under %windir% and %ProgramFiles%.  Putting this together with Suggestion #1 makes them unable to add new programs under %ProgramFiles% or %windir%, but since those are the only places they can launch programs from, they'll be stuck with what's on the machine.  Read more about it: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx#XSLTsection129121120120

Let me know if you need more detail.
S
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12311722
You can use group policy to completely block the user out of the control panel or specific settings in the control panel. But remember if you are applying group policy locally that it applies to all users on the computer including administrators.

I assume you would be applying group policy locally and not thru a domain?

start- run- gpedit.msc

User Config- Administrative Templates- Control Panel

This will list and explain the different options available.
0
 
LVL 1

Expert Comment

by:sstoyanovich
ID: 12312311
In the Software Restriction Policy, there IS a setting to not apply the restriction to Administrators.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Screencast - Getting to Know the Pipeline
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question