Are the users computers running XP Pro or Vista Business? If so why not set them up to join a domain? Unless you are over slow connections, then replication and propagation time could take a while.

Since you already have Active Directory installed, you could create an OU called Limited Users or something similar and add the appropriate users in that OU then utilize group policy snap-in to create a policy of not allowing software installation?
If you have fewer workstations to manage, you will probably have to edit the settings in each of them and move them to a different group than local admin.

The users are using windows xp pro, I was looking in the group policy, but didn't see anything in there that would do the trick.

Hi!

There is no way to prevent members of local administrators group to install software. Actually there is no way to prevent them from doing anything. You should be looking at your problem from different point of view. Why does application need local administrator's permission and right to run? The proper way of solving this problem is to run application under standard user account with Process Monitor or similar program, which should identify resources (mainly registry and file system) to which access is denied. Change permissions on these registry keys and or file/folders only and remove users fromlocal administrator's group.

Process Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

HTH

Toni

That is the answer I was expecting, but not the one I was hoping for.

Glen

I only say this is partial because my problem isn't really solved, but it's probably as good as it's going to get.  Thanks