Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Deny all users to install any software

Posted on 2008-10-11
5
Medium Priority
?
933 Views
Last Modified: 2010-04-21
Daer Experts

i'm the IT Person on a company having 40 computers all of them having windows xp, my problem is every body try to install applications,games,etc.
which not allowed in the company. What i want to do is to deny everybody of install a new application or any application only
the administrator should do this, what could be the best solution for this,
i have a Windows SBS 2003 domain controller and active directory running on it, is there a solution per pc , pr per group policy
your urgent answer will be highly appriciated
thanks in advance
0
Comment
Question by:gmerino
5 Comments
 
LVL 2

Expert Comment

by:shhashemi
ID: 22693642
0
 
LVL 3

Accepted Solution

by:
jannepm earned 1500 total points
ID: 22693653
Windows XP has this feature,you can either restrict to run only programs you specify, or deny programs which you want, for example utorrent.exe, directconnect.exe, etc.

It is much more effective to restrict all other programs than your chosen ones. Otherwise, you are catching your on tail.

So, deny all other than iexplore.exe, explorer.exe, winword.exe, excel.exe, .. etc what you need to use.
WinXP is also able to calculate the checksums so the trick renaming GameSetupInstaller.exe to Explorer.exe does not work.

Here is a quote from Kelly's:

---
Software Restriction Policies may be set to determine what software may or may not be run by users on the system. (Jim Cavalaris [MS])

Software Restriction Policies can be configured via the group policy editor (gpedit.msc) at:

Local Computer Policy -->Computer Configuration -->Windows Settings -->Security Settings -->Software Restriction Policies.  Policy can be set to either: restrict users from running specified programs - OR -restrict users to allow ONLY the specified programs to be run.

For a non-domain machine, policy can be applied to all users on the system, or non-Admin users only (Admins are not affected by the policy, and may run any/all programs). you cannot specify this policy for only certain users, but for a non-domain machine, the Admin/non-Admin breakdown may be sufficient.

--

Try googling with words windows xp restriction policies, link:
http://www.google.com/search?hl=fi&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=windows+xp+restriction+policies&spell=1



Original Source: http://www.kellys-korner-xp.com/xp_abc.htm

0
 
LVL 5

Expert Comment

by:thecomputerdocs
ID: 22694784
I like this article.
We've used deepfreeze....works great!
http://www.governmentsecurity.org/archive/t40.html
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 22695082
Internet Explorer Enahnced security will prevent Users and amdinistrators from downloading Operating System intrusive files from remote locations.

Here is an example:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23351830.html
0
 

Author Closing Comment

by:gmerino
ID: 31505289
Most likely block users from installing any application is based on policies, what I expected. Thanks for the entire explanation! Now I have all knowledge to start planning a good policy for my needs.

Thanks!
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question