?
Solved

How block installation right of domain user added into local admin group ?

Posted on 2008-10-02
5
Medium Priority
?
1,073 Views
Last Modified: 2013-12-19
 We have some user required admin right to RUN the Software . but same time he breaks some
 Security policy . We want prevent them to installed any software .
only local admin can installed the software.
0
Comment
Question by:Nitinbd80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 600 total points
ID: 22627041
Nitin,

You can do by creating a group policy or a local policy on the machine...Look into Software Restriction Policies  - you can restrict users so that they can only run the applications that you permit,
or you can specifically disallow only certain files or file types

Ref there..

http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22629380
Just to clarify:  Is the user a local administrator or not?  
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22629413
you can add the user in powe user group but assigne permission in software restriction policy to install software.
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22629438
Ah, after re-reading I think I understand.  Nitinbd80, you're saying that you need to grant administrative rights to the user in order for them to run an application.  

Typically you can circumvent granting them local administrator rights by only granting them elevated privileges to the Program Files\Application folder rather than to the whole workstation.  You may also need to grant them elevated privileges to the C:\Windows\Temp folder if the application needs access there.  By only granting them elevated privs to these folders, you avoid the software installation issue that comes with making them local admins.

This isn't ideal for security, but applications shouldn't require end users to be administrators to run in the first place.
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses
Course of the Month11 days, 20 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question