Solved

GPO

Posted on 2007-11-30
Last Modified: 2010-04-18
Is there a GPO so users cannot install software, even if they are local administrators?
Question by:aardmancgi
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 1000 total points
ID: 20382985
Software Restriction Policies can help, but only if you configure the restrictive "Only allow the software that I explicitly list here:" setting, which is difficult to administer/maintain on an ongoing basis: http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 20383860
As far as I know, it is impossible by GPO, because local administrators are at the top locally after logon.

0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20384085
rhinoceros - Software Restriction Policies, when properly configured, will affect even local administrators of a given computer.  It's just a question of whether it's worth the time needed to test, deploy and maintain the kind of locked-down environment needed to do so.
0
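
The configuration discussed in the accepted answer and the follow-up comment can be audited on a client; the following is an added example, not part of the original thread. It assumes the policy is applied as machine policy and checks the registry values Software Restriction Policies use (a default security level of Disallowed is the allow-list mode, and `PolicyScope` decides whether local administrators are covered); the function names and sample values are constructed for illustration.

```powershell
# Registry location where a computer-level Software Restriction Policy is stored
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Hypothetical helper: read the three DWORD values relevant to the lockdown
function Get-SrpSettings {
    $s = @{}
    $p = Get-ItemProperty -Path $SrpKey -ErrorAction SilentlyContinue
    if ($p) {
        foreach ($n in 'DefaultLevel', 'PolicyScope', 'TransparentEnabled') {
            $prop = $p.PSObject.Properties[$n]
            if ($prop) { $s[$n] = $prop.Value }
        }
    }
    return $s
}

# Hypothetical helper: return a list of reasons the policy falls short of
# "allow-list that also binds local administrators"; empty list = no findings
function Test-SrpLockdown {
    param([hashtable]$Settings = (Get-SrpSettings))

    $findings = @()
    # DefaultLevel: 0x0 = Disallowed (allow-list), 0x40000 = Unrestricted
    if (-not $Settings.ContainsKey('DefaultLevel')) {
        $findings += 'no SRP policy present (DefaultLevel missing)'
    } elseif ($Settings['DefaultLevel'] -ne 0) {
        $findings += ('DefaultLevel is 0x{0:X}, not Disallowed (0x0)' -f $Settings['DefaultLevel'])
    }
    # PolicyScope: 0 = all users, 1 = all users except local administrators
    if ($Settings['PolicyScope'] -eq 1) {
        $findings += 'PolicyScope = 1: local administrators are exempt'
    }
    # TransparentEnabled: 0 = no enforcement, 1 = all files except DLLs, 2 = all files
    if ($Settings['TransparentEnabled'] -eq 0) {
        $findings += 'TransparentEnabled = 0: enforcement is switched off'
    }
    return $findings
}

# Constructed sample settings (not taken from a real machine)
$samples = [ordered]@{
    'allow-list, admins included' = @{ DefaultLevel = 0; PolicyScope = 0; TransparentEnabled = 1 }
    'allow-list, admins exempt'   = @{ DefaultLevel = 0; PolicyScope = 1; TransparentEnabled = 1 }
    'default Unrestricted'        = @{ DefaultLevel = 0x40000; PolicyScope = 0; TransparentEnabled = 1 }
}
foreach ($name in $samples.Keys) {
    $f = @(Test-SrpLockdown -Settings $samples[$name])
    '{0}: {1}' -f $name, $(if ($f.Count) { $f -join '; ' } else { 'no findings' })
}
```

Calling `Test-SrpLockdown` with no argument on a Windows client evaluates the policy actually applied to that machine.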
