Solved

Restrict who can use MS Office 2007 Applications on Windows Server 2008 R2

Posted on 2011-02-11
4
791 Views
Last Modified: 2012-08-14
I'm looking for a way to restrict who can access Microsoft Office by user.  This server is running Windows Server 2008 R2 and is not in a domain (no Active Directory).  This is a terminal server, so all users will be connected to this server.

I want the following restrictions per user (or group)

Can run all Office 2007 Applications
Can run only Excel
Can run no office 2007 Applications

Any assistance is greatly appreciated.
0
Comment
Question by:brianfsu1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
Toxacon earned 500 total points
ID: 34874642
Add one group for Excel and one group for all Office apps. Use NTFS permissions to allow execute of the Office executables based on group membership.

For example:

Grp_Allow_Excel
Grp_Allow_Office

Remove Users from Excel.exe access list and add Grp_Allow_Excel and Grp_Allow_Office with Read/Execute

Remove Users from Outlook.exe, Winword.exe etc access list and add Grp_Allow_Office with Read/Execute.

If a user-level user is not a member, he/she can't launch any Office program.
0
 

Author Comment

by:brianfsu1
ID: 34874840
Thanks for the response.  That's an interesting angle at accomplishing this that I hadn't thought of.  

The only downside (and I should've mentioned this in the original question) is that it would be nice if they didn't even see shortcuts to those applications as well.  
0
 
LVL 8

Expert Comment

by:Toxacon
ID: 34875068
Maybe you can develop a script that detects the membership (IFMEMBER.EXE) and based on that copies or removes the shortcuts from the user desktop or start menu. Naturally, as the original shortcuts are in All Users profile, you have to remove them.
0
 

Author Closing Comment

by:brianfsu1
ID: 34890177
Worked great.  Thanks.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question