Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Blocking Software installation

Posted on 2010-11-30
4
Medium Priority
?
336 Views
Last Modified: 2012-05-10
We have Windows 2003 Domain with all the domain Controllers running Windows 2003. We have got approx 10000 users. We have a requirement to block the Software installations in Desktops by users. We want to block .exe files from running but dont want to disturb the Windows internal executables. Is there a way to achieve that.

Many of the users in our environment are lacal admins so this creates problem.
0
Comment
Question by:Neo_78
  • 2
4 Comments
 
LVL 4

Expert Comment

by:jcurrie
ID: 34240322
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 375 total points
ID: 34240335
There are several methods one is the old "white list" in group policy

\user configuration\administrative templates\system  ….  “Run only specified Windows applications

It is not the greatest solution and the Microsoft AD team talked bout it in a mail sack last month (see question about halfway down)
http://blogs.technet.com/b/askds/archive/2010/10/08/friday-mail-sack-cluedo-edition.aspx

They mentioned app locker which is a Windows 7 feature but you can use software restriction policies  http://technet.microsoft.com/en-us/library/bb457006.aspx

Test on a few machines to get a feel for it.

Thanks

Mike
0
 
LVL 4

Assisted Solution

by:jcurrie
jcurrie earned 375 total points
ID: 34241731
Create a Group Policy

Computer Configuration > Administrative Templates > Windows Components > Windows Installer > Prhibit User Installs = Enabled + Prohibit User Installs

This method is super easy to implement but has two drawbacks

1) it only prevents installtions which use the Windows Installer
2) As a domain admin you won't be able to install programs either unless you disable the policy momentarially or push the installs through GPO
0
 

Author Closing Comment

by:Neo_78
ID: 34367890
As none of the Solutions are actually complete but helped with some options only
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question