Solved

How to prevent users from installing programs?

Posted on 2004-10-14
3
8,123 Views
Last Modified: 2013-12-04
Hi there,

I am an technical supporter and quite often I encounter the problems caused by users installing some unauthorized programs. I supposed that by setting MMC prolicy I should be able to block those unexpecting uses. I have done some studys and researchs on the use of MMC prolicies but couldn't figure out a way.

My questions are: 1) if one can use any settings within the MMC to prevent users from install programs on their computers; 2) anyway to hide some of the Control Panel's icons?

Any tips regrading the topic will be most appreciated. Thanks very much for your help!!

Clement
0
Comment
Question by:clementy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 1

Accepted Solution

by:
sstoyanovich earned 500 total points
ID: 12311293
Suggestion #1:  Consider making the users just Users, and making sure they don't have Administrator privilege on the machine.

Suggestion #2: Software Restriction Policy.  It sounds like you need to do this locally, and not via GPO's in an Active Directory domain.  If so, from Administrative Tools, open Local Security Settings.  Under Security Settings, you'll see Software Restriction Policies.  Right-click and Create New Policy.  Then under Security Levels, you can set Disallowed as the default.  This means all programs except the ones you specify will be disallowed.  Under Additional Rules, you can add rules if you need your users to be able to run programs from locations other then under %windir% and %ProgramFiles%.  Putting this together with Suggestion #1 makes them unable to add new programs under %ProgramFiles% or %windir%, but since those are the only places they can launch programs from, they'll be stuck with what's on the machine.  Read more about it: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx#XSLTsection129121120120

Let me know if you need more detail.
S
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12311722
You can use group policy to completely block the user out of the control panel or specific settings in the control panel. But remember if you are applying group policy locally that it applies to all users on the computer including administrators.

I assume you would be applying group policy locally and not thru a domain?

start- run- gpedit.msc

User Config- Administrative Templates- Control Panel

This will list and explain the different options available.
0
 
LVL 1

Expert Comment

by:sstoyanovich
ID: 12312311
In the Software Restriction Policy, there IS a setting to not apply the restriction to Administrators.
0

Featured Post

Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question