?
Solved

Restricting AD Users for accessing some programs

Posted on 2009-07-13
8
Medium Priority
?
210 Views
Last Modified: 2012-05-07
We are running Windows 2003 Active Directory. We want to allow access to a specific program to some particular users using Group Policy. If users go to Start --> Programs or Start --> All Programs, that particular application will be available to them and other applications will be invisible to them.

Is it possible to do so with Active Directory Group Policy?
0
Comment
Question by:hchabria
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 24838084
Hey,

Not this is not possible i'm afraid.. At least not with policies... There is another way of doing this, i;ve done that trick in a Terminal Server Environment..
Make sure to redirect the start menu to a specified place on thier home drive, create a source folder with all applications and shortcuts in it and, when users start up, use robocopy (or at least a good copieng tool) to copy only those files users have permissions on. This way you can change the start menu for a user when logging in..

Not quite sure if you need to delete the default user and all user's start menu folder..
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24838094
You can use a software restriction group policy and permit them to use only the specified program(s). You will need to organise the users into an OU, then apply the software restriction policy to that OU

See http://support.microsoft.com/kb/324036
0
 
LVL 23

Accepted Solution

by:
rhandels earned 1000 total points
ID: 24838116
Yeah, but that will only block the applications from being used and it will also give the user an error which isn;t quite user friendly tbh, it will not remove the shortcuts from the start menu.. But if you would like to be able to disable applications from being used, then yes this is an option..
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:hchabria
ID: 24838190
OK. Can I hide "Programs" menu which comes under "Start" menu? Using Group Policy I can hide "All Programs", but not able to hide "Programs".
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24838198
For as far as i know it is not possible, might be i'm mistaking off course.. :)
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 1000 total points
ID: 24838231
If you want them to se only the programs that you specify then you need to build them a profile only the desired programs see http://www.vssbusinesssolutions.com/HelpDesk/KB/a15/how-to-create-a-custom-default-user-profile.aspx
0
 

Author Comment

by:hchabria
ID: 24838427
If Group Policy does not work then it is better to use Software Restriction Policy.

I have enabled Software Restriction Policy and restricted Notepad.exe using the following document (URL is given), but users are still able to access Notepad. Am I using correct procedure?

http://windowsitpro.com/article/articleid/97128/how-do-i-use-group-policy-to-block-a-specific-application.html
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24838611
Did you update the policy for those users?? Log in, go to start --> run and type gpupdate /force.
Also, you can use the GPMC (Group olicy Management Console) and do a RSOP to see if the policy is active on their machines..
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question