Solved

Restricting AD Users for accessing some programs

Posted on 2009-07-13
8
208 Views
Last Modified: 2012-05-07
We are running Windows 2003 Active Directory. We want to allow access to a specific program to some particular users using Group Policy. If users go to Start --> Programs or Start --> All Programs, that particular application will be available to them and other applications will be invisible to them.

Is it possible to do so with Active Directory Group Policy?
0
Comment
Question by:hchabria
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 24838084
Hey,

Not this is not possible i'm afraid.. At least not with policies... There is another way of doing this, i;ve done that trick in a Terminal Server Environment..
Make sure to redirect the start menu to a specified place on thier home drive, create a source folder with all applications and shortcuts in it and, when users start up, use robocopy (or at least a good copieng tool) to copy only those files users have permissions on. This way you can change the start menu for a user when logging in..

Not quite sure if you need to delete the default user and all user's start menu folder..
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24838094
You can use a software restriction group policy and permit them to use only the specified program(s). You will need to organise the users into an OU, then apply the software restriction policy to that OU

See http://support.microsoft.com/kb/324036
0
 
LVL 23

Accepted Solution

by:
rhandels earned 250 total points
ID: 24838116
Yeah, but that will only block the applications from being used and it will also give the user an error which isn;t quite user friendly tbh, it will not remove the shortcuts from the start menu.. But if you would like to be able to disable applications from being used, then yes this is an option..
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 

Author Comment

by:hchabria
ID: 24838190
OK. Can I hide "Programs" menu which comes under "Start" menu? Using Group Policy I can hide "All Programs", but not able to hide "Programs".
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24838198
For as far as i know it is not possible, might be i'm mistaking off course.. :)
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 24838231
If you want them to se only the programs that you specify then you need to build them a profile only the desired programs see http://www.vssbusinesssolutions.com/HelpDesk/KB/a15/how-to-create-a-custom-default-user-profile.aspx
0
 

Author Comment

by:hchabria
ID: 24838427
If Group Policy does not work then it is better to use Software Restriction Policy.

I have enabled Software Restriction Policy and restricted Notepad.exe using the following document (URL is given), but users are still able to access Notepad. Am I using correct procedure?

http://windowsitpro.com/article/articleid/97128/how-do-i-use-group-policy-to-block-a-specific-application.html
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24838611
Did you update the policy for those users?? Log in, go to start --> run and type gpupdate /force.
Also, you can use the GPMC (Group olicy Management Console) and do a RSOP to see if the policy is active on their machines..
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question