Solved

How block installation right of domain user added into local admin group ?

Posted on 2008-10-02
5
1,071 Views
Last Modified: 2013-12-19
 We have some user required admin right to RUN the Software . but same time he breaks some
 Security policy . We want prevent them to installed any software .
only local admin can installed the software.
0
Comment
Question by:Nitinbd80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 200 total points
ID: 22627041
Nitin,

You can do by creating a group policy or a local policy on the machine...Look into Software Restriction Policies  - you can restrict users so that they can only run the applications that you permit,
or you can specifically disallow only certain files or file types

Ref there..

http://www.windowsnetworking.com/articles_tutorials/Software-Restriction-Policies.html
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22629380
Just to clarify:  Is the user a local administrator or not?  
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22629413
you can add the user in powe user group but assigne permission in software restriction policy to install software.
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22629438
Ah, after re-reading I think I understand.  Nitinbd80, you're saying that you need to grant administrative rights to the user in order for them to run an application.  

Typically you can circumvent granting them local administrator rights by only granting them elevated privileges to the Program Files\Application folder rather than to the whole workstation.  You may also need to grant them elevated privileges to the C:\Windows\Temp folder if the application needs access there.  By only granting them elevated privs to these folders, you avoid the software installation issue that comes with making them local admins.

This isn't ideal for security, but applications shouldn't require end users to be administrators to run in the first place.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
OfficeMate Freezes on login or does not load after login credentials are input.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

742 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question