Solved

GPO

Posted on 2007-11-30
3
395 Views
Last Modified: 2010-04-18
Is there a GPO so users cannot install software, even if there are local administrators
0
Comment
Question by:aardmancgi
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 20382985
Software Restriction Policies can help, but only if you configure the restrictive "Only allow the software that I explicitly list here:" setting, which is difficult to administer/maintain on an ongoing basis: http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 20383860
As I know, It is impossible by GPO. Because local administrators are the top one in locally after logon.

0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20384085
rhinoceros - Software Restriction Policies, when properly configured, will affect even local administrators of a given computer.  It's just a question of whether it's worth the time needed to test, deploy and maintain the kind of locked-down environment needed to do so.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now