Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

active directory OU

Posted on 2011-03-18
6
Medium Priority
?
215 Views
Last Modified: 2012-05-11
i have windows 2003 servers in an active directory domain -  i don't want to allow a few users from being able to add any software - unfortunately - i can't keep the users out of the local admin account. i was assuming i could accomplish this through group policies - however - when i was poking around in group policies i didn't see how i could keep people from adding software - what am i missing?
0
Comment
Question by:JeffBeall
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35168517
You really need to lock down the local accounts. I'd remove all but guest & admin account with a password.
0
 
LVL 30

Assisted Solution

by:Randy Downs
Randy Downs earned 664 total points
ID: 35168539
Note you can let users have local accounts as long as they are not admins
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35168564
we have a software package that requires the user to be the local admin, that is why i said

"i can't keep the users out of the local admin account"
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 27

Accepted Solution

by:
KenMcF earned 668 total points
ID: 35168592
If the users are local admins they can bypass any restricted polciy you set on that computer. You can look into third party software like DeepFreeze

http://www.faronics.com/en/Products/DeepFreeze/DeepFreezeEducation.aspx
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 668 total points
ID: 35168595
You can use software restriction policies   http://technet.microsoft.com/en-us/library/bb457006.aspx  in Windows 7 it is improved and known as applocker.

Thanks

Mike
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 35180625
thank you
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question