Solved

How block installation right of domain user added into local admin group ?

Posted on 2008-10-02
5
1,065 Views
Last Modified: 2013-12-19
 We have some user required admin right to RUN the Software . but same time he breaks some
 Security policy . We want prevent them to installed any software .
only local admin can installed the software.
0
Comment
Question by:Nitinbd80
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 200 total points
ID: 22627041
Nitin,

You can do by creating a group policy or a local policy on the machine...Look into Software Restriction Policies  - you can restrict users so that they can only run the applications that you permit,
or you can specifically disallow only certain files or file types

Ref there..

http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22629380
Just to clarify:  Is the user a local administrator or not?  
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22629413
you can add the user in powe user group but assigne permission in software restriction policy to install software.
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22629438
Ah, after re-reading I think I understand.  Nitinbd80, you're saying that you need to grant administrative rights to the user in order for them to run an application.  

Typically you can circumvent granting them local administrator rights by only granting them elevated privileges to the Program Files\Application folder rather than to the whole workstation.  You may also need to grant them elevated privileges to the C:\Windows\Temp folder if the application needs access there.  By only granting them elevated privs to these folders, you avoid the software installation issue that comes with making them local admins.

This isn't ideal for security, but applications shouldn't require end users to be administrators to run in the first place.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now