Solved

Restricting AD Users for accessing some programs

Posted on 2009-07-13
8
209 Views
Last Modified: 2012-05-07
We are running Windows 2003 Active Directory. We want to allow access to a specific program to some particular users using Group Policy. If users go to Start --> Programs or Start --> All Programs, that particular application will be available to them and other applications will be invisible to them.

Is it possible to do so with Active Directory Group Policy?
0
Comment
Question by:hchabria
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 24838084
Hey,

Not this is not possible i'm afraid.. At least not with policies... There is another way of doing this, i;ve done that trick in a Terminal Server Environment..
Make sure to redirect the start menu to a specified place on thier home drive, create a source folder with all applications and shortcuts in it and, when users start up, use robocopy (or at least a good copieng tool) to copy only those files users have permissions on. This way you can change the start menu for a user when logging in..

Not quite sure if you need to delete the default user and all user's start menu folder..
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24838094
You can use a software restriction group policy and permit them to use only the specified program(s). You will need to organise the users into an OU, then apply the software restriction policy to that OU

See http://support.microsoft.com/kb/324036
0
 
LVL 23

Accepted Solution

by:
rhandels earned 250 total points
ID: 24838116
Yeah, but that will only block the applications from being used and it will also give the user an error which isn;t quite user friendly tbh, it will not remove the shortcuts from the start menu.. But if you would like to be able to disable applications from being used, then yes this is an option..
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 

Author Comment

by:hchabria
ID: 24838190
OK. Can I hide "Programs" menu which comes under "Start" menu? Using Group Policy I can hide "All Programs", but not able to hide "Programs".
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24838198
For as far as i know it is not possible, might be i'm mistaking off course.. :)
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 24838231
If you want them to se only the programs that you specify then you need to build them a profile only the desired programs see http://www.vssbusinesssolutions.com/HelpDesk/KB/a15/how-to-create-a-custom-default-user-profile.aspx
0
 

Author Comment

by:hchabria
ID: 24838427
If Group Policy does not work then it is better to use Software Restriction Policy.

I have enabled Software Restriction Policy and restricted Notepad.exe using the following document (URL is given), but users are still able to access Notepad. Am I using correct procedure?

http://windowsitpro.com/article/articleid/97128/how-do-i-use-group-policy-to-block-a-specific-application.html
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24838611
Did you update the policy for those users?? Log in, go to start --> run and type gpupdate /force.
Also, you can use the GPMC (Group olicy Management Console) and do a RSOP to see if the policy is active on their machines..
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question