Solved

GPO

Posted on 2007-11-30
3
402 Views
Last Modified: 2010-04-18
Is there a GPO so users cannot install software, even if there are local administrators
0
Comment
Question by:aardmancgi
  • 2
3 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 20382985
Software Restriction Policies can help, but only if you configure the restrictive "Only allow the software that I explicitly list here:" setting, which is difficult to administer/maintain on an ongoing basis: http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 20383860
As I know, It is impossible by GPO. Because local administrators are the top one in locally after logon.

0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 20384085
rhinoceros - Software Restriction Policies, when properly configured, will affect even local administrators of a given computer.  It's just a question of whether it's worth the time needed to test, deploy and maintain the kind of locked-down environment needed to do so.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question