Solved

How block installation right of domain user added into local admin group ?

Posted on 2008-10-02
5
1,072 Views
Last Modified: 2013-12-19
 We have some user required admin right to RUN the Software . but same time he breaks some
 Security policy . We want prevent them to installed any software .
only local admin can installed the software.
0
Comment
Question by:Nitinbd80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 200 total points
ID: 22627041
Nitin,

You can do by creating a group policy or a local policy on the machine...Look into Software Restriction Policies  - you can restrict users so that they can only run the applications that you permit,
or you can specifically disallow only certain files or file types

Ref there..

http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22629380
Just to clarify:  Is the user a local administrator or not?  
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22629413
you can add the user in powe user group but assigne permission in software restriction policy to install software.
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22629438
Ah, after re-reading I think I understand.  Nitinbd80, you're saying that you need to grant administrative rights to the user in order for them to run an application.  

Typically you can circumvent granting them local administrator rights by only granting them elevated privileges to the Program Files\Application folder rather than to the whole workstation.  You may also need to grant them elevated privileges to the C:\Windows\Temp folder if the application needs access there.  By only granting them elevated privs to these folders, you avoid the software installation issue that comes with making them local admins.

This isn't ideal for security, but applications shouldn't require end users to be administrators to run in the first place.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Make the most of your online learning experience.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question