  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 8135
  • Last Modified:

How to prevent users from installing programs?

Hi there,

I am a technical supporter and quite often I encounter problems caused by users installing unauthorized programs. I supposed that by setting an MMC policy I should be able to block those unexpected uses. I have done some study and research on the use of MMC policies but couldn't figure out a way.

My questions are: 1) whether one can use any settings within the MMC to prevent users from installing programs on their computers; 2) is there any way to hide some of the Control Panel's icons?

Any tips regarding the topic will be most appreciated. Thanks very much for your help!!

Clement
Asked by: clementy
1 Solution
 
sstoyanovich Commented:
Suggestion #1:  Consider making the users just Users, and making sure they don't have Administrator privilege on the machine.

Suggestion #2: Software Restriction Policy. It sounds like you need to do this locally, and not via GPOs in an Active Directory domain. If so, from Administrative Tools, open Local Security Settings. Under Security Settings, you'll see Software Restriction Policies. Right-click and Create New Policy. Then under Security Levels, you can set Disallowed as the default. This means all programs except the ones you specify will be disallowed. Under Additional Rules, you can add rules if you need your users to be able to run programs from locations other than under %windir% and %ProgramFiles%. Putting this together with Suggestion #1 makes them unable to add new programs under %ProgramFiles% or %windir%, but since those are the only places they can launch programs from, they'll be stuck with what's on the machine. Read more about it: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx#XSLTsection129121120120

Let me know if you need more detail.
S
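
An audit of the setup described in the answer above, as an added example that is not part of the original posts: it reads the Software Restriction Policy state from the registry and lists folders under the allowed locations that ordinary users can write to, which is the premise Suggestions #1 and #2 rely on together. Assumptions: a PowerShell 3.0 or later elevated prompt, and `%ProgramFiles(x86)%` is included as an extra allowed location on 64-bit systems.

```powershell
# Added example: checks the two assumptions behind a default-deny SRP.
# Run elevated so that every ACL under the allowed locations can be read.
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$srp = Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue
if (-not $srp) {
    Write-Warning 'No Software Restriction Policy is configured on this machine.'
} else {
    # DefaultLevel: 0 = Disallowed, 0x40000 (262144) = Unrestricted
    $level = if ($srp.DefaultLevel -eq 0) { 'Disallowed' } else { 'NOT Disallowed' }
    # PolicyScope: 0 = all users, 1 = all users except local administrators
    $scope = if ($srp.PolicyScope -eq 1) { 'all users except local administrators' } else { 'all users' }
    "Default security level: $level"
    "Policy applies to: $scope"
}

# Well-known SIDs that include ordinary users:
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE
$userSids  = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
$writeMask = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData'
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType   = [System.Security.Principal.SecurityIdentifier]

# Locations the default rules allow; the (x86) folder is an assumption for 64-bit Windows
$roots = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

$findings = foreach ($root in $roots) {
    $dirs = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        try { $acl = Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop } catch { continue }
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries affect children, not this folder itself
            if ($ace.PropagationFlags -band $inheritOnly) { continue }
            if ($userSids -notcontains $ace.IdentityReference.Value) { continue }
            if ($ace.FileSystemRights -band $writeMask) {
                [pscustomobject]@{
                    Path   = $dir.FullName
                    Sid    = $ace.IdentityReference.Value
                    Rights = $ace.FileSystemRights
                }
            }
        }
    }
}
# Each folder listed here needs a Disallowed path rule or a tighter ACL
$findings | Sort-Object Path -Unique | Format-Table -AutoSize
```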
 
luv2smile Commented:
You can use group policy to completely block the user out of the control panel or specific settings in the control panel. But remember if you are applying group policy locally that it applies to all users on the computer including administrators.

I assume you would be applying group policy locally and not through a domain?

Start > Run > gpedit.msc

User Config > Administrative Templates > Control Panel

This will list and explain the different options available.
 
sstoyanovich Commented:
In the Software Restriction Policy, there IS a setting to not apply the restriction to Administrators.
Question has a verified solution.
