[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 937
  • Last Modified:

Deny all users to install any software

Daer Experts

i'm the IT Person on a company having 40 computers all of them having windows xp, my problem is every body try to install applications,games,etc.
which not allowed in the company. What i want to do is to deny everybody of install a new application or any application only
the administrator should do this, what could be the best solution for this,
i have a Windows SBS 2003 domain controller and active directory running on it, is there a solution per pc , pr per group policy
your urgent answer will be highly appriciated
thanks in advance
0
gmerino
Asked:
gmerino
1 Solution
 
shhashemiCommented:
0
 
jannepmCommented:
Windows XP has this feature,you can either restrict to run only programs you specify, or deny programs which you want, for example utorrent.exe, directconnect.exe, etc.

It is much more effective to restrict all other programs than your chosen ones. Otherwise, you are catching your on tail.

So, deny all other than iexplore.exe, explorer.exe, winword.exe, excel.exe, .. etc what you need to use.
WinXP is also able to calculate the checksums so the trick renaming GameSetupInstaller.exe to Explorer.exe does not work.

Here is a quote from Kelly's:

---
Software Restriction Policies may be set to determine what software may or may not be run by users on the system. (Jim Cavalaris [MS])

Software Restriction Policies can be configured via the group policy editor (gpedit.msc) at:

Local Computer Policy -->Computer Configuration -->Windows Settings -->Security Settings -->Software Restriction Policies.  Policy can be set to either: restrict users from running specified programs - OR -restrict users to allow ONLY the specified programs to be run.

For a non-domain machine, policy can be applied to all users on the system, or non-Admin users only (Admins are not affected by the policy, and may run any/all programs). you cannot specify this policy for only certain users, but for a non-domain machine, the Admin/non-Admin breakdown may be sufficient.

--

Try googling with words windows xp restriction policies, link:
http://www.google.com/search?hl=fi&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=windows+xp+restriction+policies&spell=1



Original Source: http://www.kellys-korner-xp.com/xp_abc.htm

0
 
thecomputerdocsCommented:
I like this article.
We've used deepfreeze....works great!
http://www.governmentsecurity.org/archive/t40.html
0
 
ChiefITCommented:
Internet Explorer Enahnced security will prevent Users and amdinistrators from downloading Operating System intrusive files from remote locations.

Here is an example:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23351830.html
0
 
gmerinoAuthor Commented:
Most likely block users from installing any application is based on policies, what I expected. Thanks for the entire explanation! Now I have all knowledge to start planning a good policy for my needs.

Thanks!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now