hemtech
asked on
Hide or Deny Computer Management via Group Policy
I would like to hide the "Manage" option when my users right click My Computer. How do I go about this using Group Policy?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Please note that using this method the user will still be able to access the Computer Management Console (compmgmt.msc) MMC snapin.
Any update Hemtech?
ASKER
Yes - the solution that NoodlesWIU suggested was implemented and worked successfully. My users do not have access to MMC as far as I know. Thank you for the follow up.
Software Restriction Policies
Blocking Programs, Executables and scripts
2K/XP/2003
Software restriction policies can be applied to just about any program script or file, the big advantage to using this method is, it digitally fingerprints the file so if you have a “clever user” even changing the executable or file name wont let them run it.
As With all policies you can deploy them locally on each machine (start > run > gpedit.msc) or for everyone at once via the Domain Group Policy (AD users and computers or GPMC (group policy management console)
Whilst in The Policy Manager (either local or domain)
Navigate to
Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies
By Default there is nothing there
Click Action > Create New Policy
Right Click Additional Rules > Create Hash Rule
Click the Browse Button
Navigate to the Executable/Program you want to stop users using.
Click OK
Set the Security Level to “Disallowed”
Click Apply > OK
References
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx#EKAA
http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/xpsgch06.mspx
Also have a look at following:
https://www.experts-exchange.com/questions/21751813/Restricting-access-to-Computer-Management.html