I would like to establish a policy for a particular OU for security purposes that prevents all members of the OU from the following:
- Installing any applications on local machine
- prevents them from changing there network settings on local machine
- prevents them from changing displays settings on local machine
Basically what i want is only for the users to be able to use there exsiting applications that i i have installed for them. Is the fact the these users have local admin privileges going to be an issue? Or will the policy prevail once they log onto the domain?