We have Windows 2003 Domain with all the domain Controllers running Windows 2003. We have got approx 10000 users. We have a requirement to block the Software installations in Desktops by users. We want to block .exe files from running but dont want to disturb the Windows internal executables. Is there a way to achieve that.
Many of the users in our environment are lacal admins so this creates problem.