Solved

Deny all users to install any software

Posted on 2008-10-11
5
895 Views
Last Modified: 2010-04-21
Daer Experts

i'm the IT Person on a company having 40 computers all of them having windows xp, my problem is every body try to install applications,games,etc.
which not allowed in the company. What i want to do is to deny everybody of install a new application or any application only
the administrator should do this, what could be the best solution for this,
i have a Windows SBS 2003 domain controller and active directory running on it, is there a solution per pc , pr per group policy
your urgent answer will be highly appriciated
thanks in advance
0
Comment
Question by:gmerino
5 Comments
 
LVL 2

Expert Comment

by:shhashemi
ID: 22693642
0
 
LVL 3

Accepted Solution

by:
jannepm earned 500 total points
ID: 22693653
Windows XP has this feature,you can either restrict to run only programs you specify, or deny programs which you want, for example utorrent.exe, directconnect.exe, etc.

It is much more effective to restrict all other programs than your chosen ones. Otherwise, you are catching your on tail.

So, deny all other than iexplore.exe, explorer.exe, winword.exe, excel.exe, .. etc what you need to use.
WinXP is also able to calculate the checksums so the trick renaming GameSetupInstaller.exe to Explorer.exe does not work.

Here is a quote from Kelly's:

---
Software Restriction Policies may be set to determine what software may or may not be run by users on the system. (Jim Cavalaris [MS])

Software Restriction Policies can be configured via the group policy editor (gpedit.msc) at:

Local Computer Policy -->Computer Configuration -->Windows Settings -->Security Settings -->Software Restriction Policies.  Policy can be set to either: restrict users from running specified programs - OR -restrict users to allow ONLY the specified programs to be run.

For a non-domain machine, policy can be applied to all users on the system, or non-Admin users only (Admins are not affected by the policy, and may run any/all programs). you cannot specify this policy for only certain users, but for a non-domain machine, the Admin/non-Admin breakdown may be sufficient.

--

Try googling with words windows xp restriction policies, link:
http://www.google.com/search?hl=fi&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=windows+xp+restriction+policies&spell=1



Original Source: http://www.kellys-korner-xp.com/xp_abc.htm

0
 
LVL 5

Expert Comment

by:thecomputerdocs
ID: 22694784
I like this article.
We've used deepfreeze....works great!
http://www.governmentsecurity.org/archive/t40.html
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22695082
Internet Explorer Enahnced security will prevent Users and amdinistrators from downloading Operating System intrusive files from remote locations.

Here is an example:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23351830.html
0
 

Author Closing Comment

by:gmerino
ID: 31505289
Most likely block users from installing any application is based on policies, what I expected. Thanks for the entire explanation! Now I have all knowledge to start planning a good policy for my needs.

Thanks!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SharePoint Explorer Folder Access 4 37
GPO Central Store 3 25
Bind Mac To Azure AD 1 31
ADFS not automatically working after a users password change 4 21
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question