Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 217
  • Last Modified:

CLIENT ACCOUNTS

ATTENTION: "mikeleebrla"

As to your answer my question is:

Would i have to add the client username to the local machine admin group at each and every client machine or can I do this from the domain? If so, How?

Now with all clients having local admin rights to the local machine, they are now open for installing apps, utills and software anytime they like.  We have installed all necessary apps and software that they need, now we want to lock down so that they cannot install anything.  (How do I do this in the GPO and where?)  But still need the client to have admin rights to the local machine due to antivirus updates and installs that may be needed.

Would i have to do this in the Computer config or userconfig in the domain pol?

The problem is, applications come in diff, formats i.e (exe, bat,, com, zip, msi and so on) how do i block all that?? can I?
0
hitechauto
Asked:
hitechauto
  • 2
  • 2
1 Solution
 
Pete LongTechnical ConsultantCommented:
andyalder,
LOL its working of google hits andy - andy is gonne be bigger

http://www.googlefight.com/index.php?lang=en_GB&word1=peter&word2=andy
Pete
0
 
Pete LongTechnical ConsultantCommented:
hitechauto,
LOL sorry wrong Q
Pete
0
 
GinEricCommented:
You've got a hard way to go kid.  You really need to pick up some information on SMS.  Giving admin rights to all clients is not good.

You could've created a Group, put them all in it, with only special install privileges in certain of their own computer directories.  And no execute outside of their directories.

Second, I think you should start to read the Microsoft documents on implementing a network enterprise solution.

You've got a lot of reading to do.  I wondered how you got the job as admin, but figure you're either the boss or the bosses son; don't take me the wrong way, I have nothing against that.

Why don't you tell us how many clients you have and what server you're using?

You're going about the solutions kind of backwards.

Just as an example, we had 20,000 clients at one site.  No one had admin rights at their own computer.  We installed, allowed them to install certain things, run certain things, all without them having access to Administrative Tools, or any way to log into their computers locally. We updated them all, and set all of their permissions from one console.  It didn't take one day.   This is called company security.

If you only have ten or twenty clients, yeah, you can go from machine to machine, but not really with more than 20.

Just something for you to think about.  If you're network is going to grow beyond 20 computers, you should start reading about SMS and Deployment of an Enterprise Network now.
0
 
GinEricCommented:
Thank you, you're a really good admin for taking the advice, which may have seemed harsh to some, but was constuctive and hopefully helps and benefits you.  You could work for my IT team anytime.

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now