?
Solved

Restrict users from installing software with Windows 2011 SBS Policies

Posted on 2014-08-02
7
Medium Priority
?
453 Views
Last Modified: 2014-08-17
I have a Windows 2011 SBS server, for the first time, we are going to format every computer in the office and add them to the domain, every computer with their corresponding user..

We are doing this so we can protect our company restricting users to install illegal software, how can I restrict users from installing software?, every user was created using the add user wizard on sbs 2011, as a normal user...

I cannot manage to understand 100% the group policies, and how to give some users different policies.

can someone help me?
0
Comment
Question by:marpanet
  • 3
  • 3
7 Comments
 
LVL 14

Assisted Solution

by:Natty Greg
Natty Greg earned 1000 total points
ID: 40236361
Create user groups and create policies per group, instead of per user policy.
then you can put each user in their respective group. each user can be be a part of mutiple groups.
however if you do not want a particular user to install anything then make his primary group the one with the restrict install (anything) then make him/her a member of any other group you  wish
0
 
LVL 2

Author Comment

by:marpanet
ID: 40236381
I needdd help!!!!!
I just added on the restricted group the Administrator group as I found out on a webpage!! Now I can´t log in via RDC not even locally,  "You cannot log on because the logon method you are using is not allowed on this computer", what can I do???? I cannot get inside my server!!!! :´´´(
0
 
LVL 14

Expert Comment

by:Natty Greg
ID: 40236508
ok thats a rap unless someone else have an in site other than that you have to reinstall the server.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 14

Expert Comment

by:Natty Greg
ID: 40236511
Next time you want to secure the admin from any attack, change the name from admin to something else that you'll remember, never put admin in restricted group, however i fail to see how you put it there without the server barking at you if you're sure.
0
 
LVL 2

Author Comment

by:marpanet
ID: 40236518
The admin user is not Admin, it{s another name, putting the group in restricted group caused my user to not been able to log to anything????

I can manage to enter Windows only in the Active Directory Restore Mode, but from there, I don´t know how to restore to default as it was...  what can I do??
0
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 1000 total points
ID: 40237317
You are going to have to restore the SBS server back to before you made this change.

if your user accounts are already created in the SBS console, make sure it shows them as Standard users.  standard users cant install software   DON'T make the SBS administrator account a standard user.
0
 
LVL 2

Author Closing Comment

by:marpanet
ID: 40266935
Sorry for the delay, I had to reinstall the server because there was no other option...
I followed both solutions and both worked.

Thanks to all..
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question