Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

How to prevent users from installing programs?

Posted on 2004-10-14
3
8,120 Views
Last Modified: 2013-12-04
Hi there,

I am an technical supporter and quite often I encounter the problems caused by users installing some unauthorized programs. I supposed that by setting MMC prolicy I should be able to block those unexpecting uses. I have done some studys and researchs on the use of MMC prolicies but couldn't figure out a way.

My questions are: 1) if one can use any settings within the MMC to prevent users from install programs on their computers; 2) anyway to hide some of the Control Panel's icons?

Any tips regrading the topic will be most appreciated. Thanks very much for your help!!

Clement
0
Comment
Question by:clementy
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
sstoyanovich earned 500 total points
ID: 12311293
Suggestion #1:  Consider making the users just Users, and making sure they don't have Administrator privilege on the machine.

Suggestion #2: Software Restriction Policy.  It sounds like you need to do this locally, and not via GPO's in an Active Directory domain.  If so, from Administrative Tools, open Local Security Settings.  Under Security Settings, you'll see Software Restriction Policies.  Right-click and Create New Policy.  Then under Security Levels, you can set Disallowed as the default.  This means all programs except the ones you specify will be disallowed.  Under Additional Rules, you can add rules if you need your users to be able to run programs from locations other then under %windir% and %ProgramFiles%.  Putting this together with Suggestion #1 makes them unable to add new programs under %ProgramFiles% or %windir%, but since those are the only places they can launch programs from, they'll be stuck with what's on the machine.  Read more about it: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx#XSLTsection129121120120

Let me know if you need more detail.
S
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12311722
You can use group policy to completely block the user out of the control panel or specific settings in the control panel. But remember if you are applying group policy locally that it applies to all users on the computer including administrators.

I assume you would be applying group policy locally and not thru a domain?

start- run- gpedit.msc

User Config- Administrative Templates- Control Panel

This will list and explain the different options available.
0
 
LVL 1

Expert Comment

by:sstoyanovich
ID: 12312311
In the Software Restriction Policy, there IS a setting to not apply the restriction to Administrators.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question