Software Restriction in Group Policy

I need to put some software restrictions on my endusers. i am using sbs 2003 (patched) and don't want my end users downloading software (to include IE addon's or Active X) but I don't want it to affect the Administrator's group (which includes me). I know that this is a basic thing, but being a beginner on AD/GP, and I have to do this on a production box, so I don't want to screw things up.
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

Walter PadrónConnect With a Mentor Commented:
dmcgovern, you can apply policies to Groups.

Just on the Scope tab of your policy under "Security Filtering" remove the Authenticated Users group and add your Endusers Group.

Another approach will be to apply a restrictive policy for all users (the default) and a less restrictive policy for the Administrators group.

Stephen MandersonSoftware EngineerCommented:
One way to disable downloads of files would be to enable the option below, but would be for IE only, if running firefox then you would need to get the .adm template for that.

User Configuration->Administrative templates->Windows Componants->Internet Explorer->Browser Menus>"Disable Save this program to disk option" (Enable)
dmcgovernAuthor Commented:
well, that helps for the one thing. question is will that affect the administrator's group.
Stephen MandersonSoftware EngineerCommented:
Doing it group policy the only other way I could see of doing it is via registry.

Take a look here at Debsyl60's answer.

Theres also another couple of options in there with regards to my first post. If you are only planning to use IE then it shouldnt be a problem as they wont be able to download any other browsers :)
Stephen MandersonSoftware EngineerCommented:
It will only be effective for what ever OU the GPO is linked to, so just be sure its Domain Users etc and not Authenticated users.
All Courses

From novice to tech pro — start learning today.