Solved

Restrict who can use MS Office 2007 Applications on Windows Server 2008 R2

Posted on 2011-02-11
4
792 Views
Last Modified: 2012-08-14
I'm looking for a way to restrict who can access Microsoft Office by user.  This server is running Windows Server 2008 R2 and is not in a domain (no Active Directory).  This is a terminal server, so all users will be connected to this server.

I want the following restrictions per user (or group)

Can run all Office 2007 Applications
Can run only Excel
Can run no office 2007 Applications

Any assistance is greatly appreciated.
0
Comment
Question by:brianfsu1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
Toxacon earned 500 total points
ID: 34874642
Add one group for Excel and one group for all Office apps. Use NTFS permissions to allow execute of the Office executables based on group membership.

For example:

Grp_Allow_Excel
Grp_Allow_Office

Remove Users from Excel.exe access list and add Grp_Allow_Excel and Grp_Allow_Office with Read/Execute

Remove Users from Outlook.exe, Winword.exe etc access list and add Grp_Allow_Office with Read/Execute.

If a user-level user is not a member, he/she can't launch any Office program.
0
 

Author Comment

by:brianfsu1
ID: 34874840
Thanks for the response.  That's an interesting angle at accomplishing this that I hadn't thought of.  

The only downside (and I should've mentioned this in the original question) is that it would be nice if they didn't even see shortcuts to those applications as well.  
0
 
LVL 8

Expert Comment

by:Toxacon
ID: 34875068
Maybe you can develop a script that detects the membership (IFMEMBER.EXE) and based on that copies or removes the shortcuts from the user desktop or start menu. Naturally, as the original shortcuts are in All Users profile, you have to remove them.
0
 

Author Closing Comment

by:brianfsu1
ID: 34890177
Worked great.  Thanks.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
This article helps those who get the 0xc004d307 error when trying to rearm (reset the license) Office 2013 in a Virtual Desktop Infrastructure (VDI) and/or those trying to prep the master image for Microsoft Key Management (KMS) activation. (i.e.- C…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question