Solved

Deny all users to install any software

Posted on 2008-10-11
5
913 Views
Last Modified: 2010-04-21
Daer Experts

i'm the IT Person on a company having 40 computers all of them having windows xp, my problem is every body try to install applications,games,etc.
which not allowed in the company. What i want to do is to deny everybody of install a new application or any application only
the administrator should do this, what could be the best solution for this,
i have a Windows SBS 2003 domain controller and active directory running on it, is there a solution per pc , pr per group policy
your urgent answer will be highly appriciated
thanks in advance
0
Comment
Question by:gmerino
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 2

Expert Comment

by:shhashemi
ID: 22693642
0
 
LVL 3

Accepted Solution

by:
jannepm earned 500 total points
ID: 22693653
Windows XP has this feature,you can either restrict to run only programs you specify, or deny programs which you want, for example utorrent.exe, directconnect.exe, etc.

It is much more effective to restrict all other programs than your chosen ones. Otherwise, you are catching your on tail.

So, deny all other than iexplore.exe, explorer.exe, winword.exe, excel.exe, .. etc what you need to use.
WinXP is also able to calculate the checksums so the trick renaming GameSetupInstaller.exe to Explorer.exe does not work.

Here is a quote from Kelly's:

---
Software Restriction Policies may be set to determine what software may or may not be run by users on the system. (Jim Cavalaris [MS])

Software Restriction Policies can be configured via the group policy editor (gpedit.msc) at:

Local Computer Policy -->Computer Configuration -->Windows Settings -->Security Settings -->Software Restriction Policies.  Policy can be set to either: restrict users from running specified programs - OR -restrict users to allow ONLY the specified programs to be run.

For a non-domain machine, policy can be applied to all users on the system, or non-Admin users only (Admins are not affected by the policy, and may run any/all programs). you cannot specify this policy for only certain users, but for a non-domain machine, the Admin/non-Admin breakdown may be sufficient.

--

Try googling with words windows xp restriction policies, link:
http://www.google.com/search?hl=fi&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=windows+xp+restriction+policies&spell=1



Original Source: http://www.kellys-korner-xp.com/xp_abc.htm

0
 
LVL 5

Expert Comment

by:thecomputerdocs
ID: 22694784
I like this article.
We've used deepfreeze....works great!
http://www.governmentsecurity.org/archive/t40.html
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22695082
Internet Explorer Enahnced security will prevent Users and amdinistrators from downloading Operating System intrusive files from remote locations.

Here is an example:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23351830.html
0
 

Author Closing Comment

by:gmerino
ID: 31505289
Most likely block users from installing any application is based on policies, what I expected. Thanks for the entire explanation! Now I have all knowledge to start planning a good policy for my needs.

Thanks!
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GPO on certain users 17 34
powershell mailbox move question 8 44
Changing logon server question 5 63
Shared files and folders migration 2 26
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question