Solved

active directory OU

Posted on 2011-03-18
6
208 Views
Last Modified: 2012-05-11
i have windows 2003 servers in an active directory domain -  i don't want to allow a few users from being able to add any software - unfortunately - i can't keep the users out of the local admin account. i was assuming i could accomplish this through group policies - however - when i was poking around in group policies i didn't see how i could keep people from adding software - what am i missing?
0
Comment
Question by:JeffBeall
6 Comments
 
LVL 29

Expert Comment

by:Randy Downs
ID: 35168517
You really need to lock down the local accounts. I'd remove all but guest & admin account with a password.
0
 
LVL 29

Assisted Solution

by:Randy Downs
Randy Downs earned 166 total points
ID: 35168539
Note you can let users have local accounts as long as they are not admins
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35168564
we have a software package that requires the user to be the local admin, that is why i said

"i can't keep the users out of the local admin account"
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 27

Accepted Solution

by:
KenMcF earned 167 total points
ID: 35168592
If the users are local admins they can bypass any restricted polciy you set on that computer. You can look into third party software like DeepFreeze

http://www.faronics.com/en/Products/DeepFreeze/DeepFreezeEducation.aspx
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 167 total points
ID: 35168595
You can use software restriction policies   http://technet.microsoft.com/en-us/library/bb457006.aspx  in Windows 7 it is improved and known as applocker.

Thanks

Mike
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 35180625
thank you
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now