?
Solved

How to prevent users from installing programs?

Posted on 2004-10-14
3
Medium Priority
?
8,124 Views
Last Modified: 2013-12-04
Hi there,

I am an technical supporter and quite often I encounter the problems caused by users installing some unauthorized programs. I supposed that by setting MMC prolicy I should be able to block those unexpecting uses. I have done some studys and researchs on the use of MMC prolicies but couldn't figure out a way.

My questions are: 1) if one can use any settings within the MMC to prevent users from install programs on their computers; 2) anyway to hide some of the Control Panel's icons?

Any tips regrading the topic will be most appreciated. Thanks very much for your help!!

Clement
0
Comment
Question by:clementy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
sstoyanovich earned 1500 total points
ID: 12311293
Suggestion #1:  Consider making the users just Users, and making sure they don't have Administrator privilege on the machine.

Suggestion #2: Software Restriction Policy.  It sounds like you need to do this locally, and not via GPO's in an Active Directory domain.  If so, from Administrative Tools, open Local Security Settings.  Under Security Settings, you'll see Software Restriction Policies.  Right-click and Create New Policy.  Then under Security Levels, you can set Disallowed as the default.  This means all programs except the ones you specify will be disallowed.  Under Additional Rules, you can add rules if you need your users to be able to run programs from locations other then under %windir% and %ProgramFiles%.  Putting this together with Suggestion #1 makes them unable to add new programs under %ProgramFiles% or %windir%, but since those are the only places they can launch programs from, they'll be stuck with what's on the machine.  Read more about it: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx#XSLTsection129121120120

Let me know if you need more detail.
S
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12311722
You can use group policy to completely block the user out of the control panel or specific settings in the control panel. But remember if you are applying group policy locally that it applies to all users on the computer including administrators.

I assume you would be applying group policy locally and not thru a domain?

start- run- gpedit.msc

User Config- Administrative Templates- Control Panel

This will list and explain the different options available.
0
 
LVL 1

Expert Comment

by:sstoyanovich
ID: 12312311
In the Software Restriction Policy, there IS a setting to not apply the restriction to Administrators.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses
Course of the Month12 days, 6 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question