Solved

Restricting AD Users for accessing some programs

Posted on 2009-07-13
8
197 Views
Last Modified: 2012-05-07
We are running Windows 2003 Active Directory. We want to allow access to a specific program to some particular users using Group Policy. If users go to Start --> Programs or Start --> All Programs, that particular application will be available to them and other applications will be invisible to them.

Is it possible to do so with Active Directory Group Policy?
0
Comment
Question by:hchabria
  • 4
  • 2
  • 2
8 Comments
 
LVL 23

Expert Comment

by:rhandels
ID: 24838084
Hey,

Not this is not possible i'm afraid.. At least not with policies... There is another way of doing this, i;ve done that trick in a Terminal Server Environment..
Make sure to redirect the start menu to a specified place on thier home drive, create a source folder with all applications and shortcuts in it and, when users start up, use robocopy (or at least a good copieng tool) to copy only those files users have permissions on. This way you can change the start menu for a user when logging in..

Not quite sure if you need to delete the default user and all user's start menu folder..
0
 
LVL 70

Expert Comment

by:KCTS
ID: 24838094
You can use a software restriction group policy and permit them to use only the specified program(s). You will need to organise the users into an OU, then apply the software restriction policy to that OU

See http://support.microsoft.com/kb/324036
0
 
LVL 23

Accepted Solution

by:
rhandels earned 250 total points
ID: 24838116
Yeah, but that will only block the applications from being used and it will also give the user an error which isn;t quite user friendly tbh, it will not remove the shortcuts from the start menu.. But if you would like to be able to disable applications from being used, then yes this is an option..
0
 

Author Comment

by:hchabria
ID: 24838190
OK. Can I hide "Programs" menu which comes under "Start" menu? Using Group Policy I can hide "All Programs", but not able to hide "Programs".
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 23

Expert Comment

by:rhandels
ID: 24838198
For as far as i know it is not possible, might be i'm mistaking off course.. :)
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 250 total points
ID: 24838231
If you want them to se only the programs that you specify then you need to build them a profile only the desired programs see http://www.vssbusinesssolutions.com/HelpDesk/KB/a15/how-to-create-a-custom-default-user-profile.aspx
0
 

Author Comment

by:hchabria
ID: 24838427
If Group Policy does not work then it is better to use Software Restriction Policy.

I have enabled Software Restriction Policy and restricted Notepad.exe using the following document (URL is given), but users are still able to access Notepad. Am I using correct procedure?

http://windowsitpro.com/article/articleid/97128/how-do-i-use-group-policy-to-block-a-specific-application.html
0
 
LVL 23

Expert Comment

by:rhandels
ID: 24838611
Did you update the policy for those users?? Log in, go to start --> run and type gpupdate /force.
Also, you can use the GPMC (Group olicy Management Console) and do a RSOP to see if the policy is active on their machines..
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now