
  • Status: Solved
  • Priority: Medium
  • Security: Public

Active Directory OU

I have Windows 2003 servers in an Active Directory domain. I don't want to allow a few users to be able to add any software. Unfortunately, I can't keep the users out of the local admin account. I was assuming I could accomplish this through group policies; however, when I was poking around in group policies I didn't see how I could keep people from adding software. What am I missing?
Randy Downs (OWNER) Commented:
You really need to lock down the local accounts. I'd remove all but guest & admin account with a password.

Randy Downs (OWNER) Commented:
Note you can let users have local accounts as long as they are not admins.

JeffBeall (Author) Commented:
We have a software package that requires the user to be the local admin, that is why I said

"i can't keep the users out of the local admin account"

If the users are local admins they can bypass any restricted policy you set on that computer. You can look into third party software like DeepFreeze.

Mike Kline Commented:
You can use software restriction policies: http://technet.microsoft.com/en-us/library/bb457006.aspx. In Windows 7 it is improved and known as AppLocker.
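
An added example, not part of the original thread: when software restriction policies are deployed to machines where users are local admins, the first things to check are whether the policy exempts administrators and whether its default level is still Unrestricted. The sketch below audits the text of a `reg export` of the SRP policy key; the sample exports are constructed, the function names are hypothetical, and the file is assumed to be already decoded to text.

```python
import re

# Key where Group Policy stores machine-wide Software Restriction Policies.
SAFER_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
UNRESTRICTED = 0x40000  # DefaultLevel: 0x40000 = Unrestricted, 0 = Disallowed

def parse_safer_dwords(reg_text):
    """Return the DWORD values found directly under the Safer key."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # section header: track whether we are in the SRP key
            in_key = line.strip("[]").lower() == SAFER_KEY.lower()
            continue
        match = DWORD_RE.match(line) if in_key else None
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    return values

def audit_srp(reg_text):
    """List settings that leave local administrators (or everyone) unrestricted."""
    v = parse_safer_dwords(reg_text)
    if not v:
        return ["no-policy: no SRP values under Safer\\CodeIdentifiers"]
    findings = []
    # Absent values fall back to the Windows defaults (assumption of this example).
    if v.get("PolicyScope", 0) == 1:  # 1 = all users except local administrators
        findings.append("PolicyScope=1: local administrators are exempt")
    if v.get("DefaultLevel", UNRESTRICTED) == UNRESTRICTED:
        findings.append("DefaultLevel=Unrestricted: only explicit deny rules block software")
    if v.get("TransparentEnabled", 1) == 0:  # 0 = enforcement switched off
        findings.append("TransparentEnabled=0: SRP enforcement is disabled")
    return findings

# Constructed sample exports (not taken from any real server).
HEADER = "Windows Registry Editor Version 5.00\n\n[" + SAFER_KEY + "]\n"
WEAK_EXPORT = HEADER + '"DefaultLevel"=dword:00040000\n"PolicyScope"=dword:00000001\n'
STRICT_EXPORT = (HEADER + '"DefaultLevel"=dword:00000000\n'
                 '"PolicyScope"=dword:00000000\n"TransparentEnabled"=dword:00000002\n')

if __name__ == "__main__":
    for name, text in (("weak", WEAK_EXPORT), ("strict", STRICT_EXPORT)):
        print(name, audit_srp(text) or "no findings")
```

A clean result only describes the policy as configured; as noted earlier in the thread, a user who is a local admin can still change settings on that computer.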


JeffBeallAuthor Commented:
Thank you