?
Solved

GPO

Posted on 2007-11-30
3
Medium Priority
?
409 Views
Last Modified: 2010-04-18
Is there a GPO so users cannot install software, even if there are local administrators
0
Comment
Question by:aardmancgi
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 1000 total points
ID: 20382985
Software Restriction Policies can help, but only if you configure the restrictive "Only allow the software that I explicitly list here:" setting, which is difficult to administer/maintain on an ongoing basis: http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 20383860
As I know, It is impossible by GPO. Because local administrators are the top one in locally after logon.

0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20384085
rhinoceros - Software Restriction Policies, when properly configured, will affect even local administrators of a given computer.  It's just a question of whether it's worth the time needed to test, deploy and maintain the kind of locked-down environment needed to do so.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question