Group Policy to prevent regular domain users from uninstalling programs

Hi,

I am trying to create and link a group policy to all regular domain users in my windows server 2008 AD. This group policy job is to prevent those users from uninstalling/removing any programs that was previously installed on their machines.

Knowing that all client PCs are using Windows 7.

Is there such GP to use.

Thank you
ksssgAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kevinhsiehCommented:
Are you sure your regular users are regular, ie nornal limited users and not power users or administrators on the local machines? Regular users don't have rights to install/uninstall software.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Vinchenzo-the-SecondCommented:
You don't a GPO.  Domain users by default will not have admin access on there device, so they will not have permission to uninstall programs
0
nipponsoulCommented:
I agree with kevinhsieh and  Vinchenzo-the-Second.

Bear in mind there are many GPs for controlling control panel "Add/Remove Programs" under User config/policies/admin templates/control panel/ ...

You can always test these using a Test OU :)


0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

ksssgAuthor Commented:
I have another admin that helps me manage the network in my absence.

I asked him if he used his admin rights to remove a symantec end point client from one workstation we have and he said he did not.

This version of symantec end point requires also a password to be removed.

Your right guys, I just checked removing the same program installed on another pc which is also joined to the domain using a different regular domain username, it asked me then for an admin log on info to proceed, hmmm!!!

The thing is that I found one of my domain workstation with no symantec client on!!! and I dont remember uninstalling it, and my other admin says the same too!!!

I also checked the pc for admin rights and all the other users if there was any of them with admin rights and the weird thing is that none of them has admin rights!!!!

I had the symantec end point client installed back on that machine but thats not enough.

I need to know what happend and what username was used at that time to uninstall that end point client from the workstation.

now I am so worried and I dont really know what to do beside changing our admin passwords!.
0
Vinchenzo-the-SecondCommented:
You need to search through the log files, this will give you an indication when the software was uninstalled, then you can check the security log to see who logged on before the software was uninstalled.  It could be someone who knows the local admin password.
0
ksssgAuthor Commented:
Yeah, I think your right Vinchenzo-the-Second, there isnt anything else.

Thank you guys for your help.

Appreciate it.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.