active directory OU

Posted on 2011-03-18
Last Modified: 2012-05-11
i have windows 2003 servers in an active directory domain -  i don't want to allow a few users from being able to add any software - unfortunately - i can't keep the users out of the local admin account. i was assuming i could accomplish this through group policies - however - when i was poking around in group policies i didn't see how i could keep people from adding software - what am i missing?
Question by:JeffBeall
LVL 29

Expert Comment

by:Randy Downs
ID: 35168517
You really need to lock down the local accounts. I'd remove all but guest & admin account with a password.
LVL 29

Assisted Solution

by:Randy Downs
Randy Downs earned 166 total points
ID: 35168539
Note you can let users have local accounts as long as they are not admins

Author Comment

ID: 35168564
we have a software package that requires the user to be the local admin, that is why i said

"i can't keep the users out of the local admin account"
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

LVL 27

Accepted Solution

KenMcF earned 167 total points
ID: 35168592
If the users are local admins they can bypass any restricted polciy you set on that computer. You can look into third party software like DeepFreeze
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 167 total points
ID: 35168595
You can use software restriction policies  in Windows 7 it is improved and known as applocker.



Author Closing Comment

ID: 35180625
thank you

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Last week, our Skyport webinar on “How to secure your Active Directory” ( provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question